Vulnerabilities > Dialogic > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-07-03 | CVE-2018-11641 | Use of Hard-coded Credentials vulnerability in Dialogic Powermedia XMS 3.5 Use of Hard-coded Credentials in /var/www/xms/application/controllers/gatherLogs.php in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote attackers to interact with a web service. | 9.8 |
| 2018-07-03 | CVE-2018-11640 | XXE vulnerability in Dialogic Powermedia XMS 3.5 XML External Entity (XXE) vulnerability in the web service in Dialogic PowerMedia XMS before 3.5 SU2 allows remote attackers to read arbitrary files or cause a denial of service (resource consumption). | 9.1 |
| 2018-07-03 | CVE-2018-11635 | Use of Hard-coded Credentials vulnerability in Dialogic Powermedia XMS 3.5 Use of a Hard-coded Cryptographic Key used to protect cookie session data in /var/www/xms/application/config/config.php in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote attackers to bypass authentication. | 9.8 |