CVE-2025-48929

MEDIUM Year: 2025
CVSS v3 Score
4.0
Medium
Weakness Type
CWE-922
View all →

Vulnerability Description

The TeleMessage service through 2025-05-05 implements authentication through a long-lived credential (e.g., not a token with a short expiration time) that can be reused at a later date if discovered by an adversary, as exploited in the wild in May 2025.

Related Vulnerabilities

CVE-2019-3684

MEDIUM
CVSS:4.0(Medium)

SUSE Manager until version 4.0.7 and Uyuni until commit 1b426ad5ed0a7191a6fb46bb83e98ae4b99a5ade created world-readable swap files on systems that don't have a swap already configured and don't have b...

CWE-9222019

CVE-2019-4695

MEDIUM
CVSS:4.0(Medium)

IBM Security Guardium Data Encryption (GDE) 3.0.0.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 171926.

CWE-9222019

CVE-2020-4344

MEDIUM
CVSS:4.0(Medium)

IBM Tivoli Business Service Manager 6.2.0.0 - 6.2.0.2 IF 1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 178247.

CWE-9222020

CVE-2020-4371

MEDIUM
CVSS:4.0(Medium)

IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 contains sensitive information in leftover debug code that could be used aid a local user in further attacks against the system. IBM X-Force ID: 179008.

CWE-9222020

CVE-2020-4650

MEDIUM
CVSS:4.0(Medium)

IBM Maximo Spatial Asset Management 7.6.0.3, 7.6.0.4, 7.6.0.5, and 7.6.1.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 186023.

CWE-9222020

CVE-2020-4726

MEDIUM
CVSS:4.0(Medium)

The IBM Application Performance Monitoring UI (IBM Cloud APM 8.1.4) allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 187975.

CWE-9222020