dialogic CVE Vulnerabilities & Metrics

Focus on dialogic vulnerabilities and metrics.

Last updated: 08 Mar 2025, 23:25 UTC

About dialogic Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with dialogic. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total dialogic CVEs: 10
Earliest CVE date: 03 Jul 2018, 17:29 UTC
Latest CVE date: 03 Jul 2018, 17:29 UTC

Latest CVE reference: CVE-2018-11643

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 0

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): 0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): 0.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical dialogic CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 6.23

Max CVSS: 9.0

Critical CVEs (≥9): 1

CVSS Range vs. Count

Range	Count
0.0-3.9	1
4.0-6.9	5
7.0-8.9	3
9.0-10.0	1

CVSS Distribution Chart

Top 5 Highest CVSS dialogic CVEs

These are the five CVEs with the highest CVSS scores for dialogic, sorted by severity first and recency.

CVE-2018-11638 dialogic Published on 03 Jul 2018, 17:29 UTC (CVSS: 9.0)
Unrestricted Upload of a File with a Dangerous Type in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote authenticated users to upload malicious code to the web root to gain code execution.
CVE-2018-11641 dialogic Published on 03 Jul 2018, 17:29 UTC (CVSS: 7.5)
Use of Hard-coded Credentials in /var/www/xms/application/controllers/gatherLogs.php in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote attackers to interact with a web service.
CVE-2018-11635 dialogic Published on 03 Jul 2018, 17:29 UTC (CVSS: 7.5)
Use of a Hard-coded Cryptographic Key used to protect cookie session data in /var/www/xms/application/config/config.php in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote attackers to bypass authentication.
CVE-2018-11642 dialogic Published on 03 Jul 2018, 17:29 UTC (CVSS: 7.2)
Incorrect Permission Assignment on the /var/www/xms/cleanzip.sh shell script run periodically in Dialogic PowerMedia XMS through 3.5 allows local users to execute code as the root user.
CVE-2018-11636 dialogic Published on 03 Jul 2018, 17:29 UTC (CVSS: 6.8)
Cross-site request forgery (CSRF) vulnerability in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote attackers to execute malicious and unauthorized actions.

All CVEs for dialogic

CVE-2018-11643 dialogic vulnerability CVSS: 6.5 03 Jul 2018, 17:29 UTC

SQL injection vulnerability in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote authenticated users to execute arbitrary SQL commands via the filterPattern parameter.

CVE-2018-11642 dialogic vulnerability CVSS: 7.2 03 Jul 2018, 17:29 UTC

Incorrect Permission Assignment on the /var/www/xms/cleanzip.sh shell script run periodically in Dialogic PowerMedia XMS through 3.5 allows local users to execute code as the root user.

CVE-2018-11641 dialogic vulnerability CVSS: 7.5 03 Jul 2018, 17:29 UTC

Use of Hard-coded Credentials in /var/www/xms/application/controllers/gatherLogs.php in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote attackers to interact with a web service.

CVE-2018-11640 dialogic vulnerability CVSS: 6.4 03 Jul 2018, 17:29 UTC

XML External Entity (XXE) vulnerability in the web service in Dialogic PowerMedia XMS before 3.5 SU2 allows remote attackers to read arbitrary files or cause a denial of service (resource consumption).

CVE-2018-11639 dialogic vulnerability CVSS: 4.3 03 Jul 2018, 17:29 UTC

Plaintext Storage of Passwords within Cookies in /var/www/xms/application/controllers/verifyLogin.php in the administrative console in Dialogic PowerMedia XMS before 3.5 SU2 allows remote attackers to access a user's password in cleartext.

CVE-2018-11638 dialogic vulnerability CVSS: 9.0 03 Jul 2018, 17:29 UTC

Unrestricted Upload of a File with a Dangerous Type in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote authenticated users to upload malicious code to the web root to gain code execution.

CVE-2018-11637 dialogic vulnerability CVSS: 5.0 03 Jul 2018, 17:29 UTC

Information leakage vulnerability in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote attackers to read arbitrary files from the /var/ directory because a symlink exists under the web root.

CVE-2018-11636 dialogic vulnerability CVSS: 6.8 03 Jul 2018, 17:29 UTC

Cross-site request forgery (CSRF) vulnerability in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote attackers to execute malicious and unauthorized actions.

CVE-2018-11635 dialogic vulnerability CVSS: 7.5 03 Jul 2018, 17:29 UTC

Use of a Hard-coded Cryptographic Key used to protect cookie session data in /var/www/xms/application/config/config.php in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote attackers to bypass authentication.

CVE-2018-11634 dialogic vulnerability CVSS: 2.1 03 Jul 2018, 17:29 UTC

Plaintext Storage of Passwords in the administrative console in Dialogic PowerMedia XMS before 3.5 SU2 allows local users to access the web application's user passwords in cleartext by reading /var/www/xms/xmsdb/default.db.