Vulnerabilities > Splicecom
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-25 | CVE-2023-33757 | Improper Certificate Validation vulnerability in Splicecom Ipcs and Ipcs2 A lack of SSL certificate validation in Splicecom iPCS (iOS App) v1.3.4, iPCS2 (iOS App) v2.8 and before, and iPCS (Android App) v1.8.5 and before allows attackers to eavesdrop on communications via a man-in-the-middle attack. | 5.9 |
| 2024-01-25 | CVE-2023-33758 | Cross-site Scripting vulnerability in Splicecom Maximiser Soft PBX Splicecom Maximiser Soft PBX v1.5 and before was discovered to contain a cross-site scripting (XSS) vulnerability via the CLIENT_NAME and DEVICE_GUID fields in the login component. | 6.1 |
| 2024-01-25 | CVE-2023-33759 | Improper Restriction of Excessive Authentication Attempts vulnerability in Splicecom Maximiser Soft PBX SpliceCom Maximiser Soft PBX v1.5 and before does not restrict excessive authentication attempts, allowing attackers to bypass authentication via a brute force attack. | 9.8 |
| 2024-01-25 | CVE-2023-33760 | Improper Certificate Validation vulnerability in Splicecom Maximiser Soft PBX SpliceCom Maximiser Soft PBX v1.5 and before was discovered to utilize a default SSL certificate. | 5.3 |