Description
Authentication bypass by spoofing vulnerability in Hedef Media Promotion Interactive Media Marketing Inc. Related Marketing Cloud (RMC) allows Brute Force.

This issue affects Related Marketing Cloud (RMC): through 12052026.
Published: 2026-06-12
Score: 6.5 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an authentication bypass that allows an attacker to spoof credentials, enabling brute‑force attempts against the authentication system. Because an attacker can obtain unauthorized access, the potential impact includes data exposure, manipulation, or denial of service. The weakness is identified as CWE‑290, indicating improper authentication.

Affected Systems

All instances of Hedef Media Promotion Interactive Media Marketing Inc.'s Related Marketing Cloud (RMC) that are running versions up to and including 12052026 are affected. No other versions are listed here. The product is a marketing cloud platform used for digital media campaigns.

Risk and Exploitability

The CVSS score of 6.5 indicates a medium‑to‑high severity. While the EPSS score is not available, the absence of a KEV listing suggests no known widespread exploitation at this time. However, the attack vector described in the CVE—that an attacker can spoof authentication—implies that the vulnerability can be engaged remotely, often via brute‑force login attempts. Consequently, the risk to a system that exposes RMC to external users is moderate to high, especially if rate limiting or multi‑factor authentication is not in place.

Generated by OpenCVE AI on June 12, 2026 at 16:38 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update to the latest Related Marketing Cloud release that supersedes version 12052026.
  • Deploy rate limiting or account lockout mechanisms to slow brute‑force attempts against the authentication interface.
  • Enable multi‑factor authentication for all user accounts to add a second verification layer.
  • Continuously monitor authentication logs for repeated failed login attempts.

Generated by OpenCVE AI on June 12, 2026 at 16:38 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 12 Jun 2026 20:45:00 +0000

Type Values Removed Values Added
First Time appeared Hedef Media
Hedef Media related Marketing Cloud (rmc)
Vendors & Products Hedef Media
Hedef Media related Marketing Cloud (rmc)

Fri, 12 Jun 2026 16:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 12 Jun 2026 15:45:00 +0000

Type Values Removed Values Added
Description Authentication bypass by spoofing vulnerability in Hedef Media Promotion Interactive Media Marketing Inc. Related Marketing Cloud (RMC) allows Brute Force. This issue affects Related Marketing Cloud (RMC): through 12052026.
Title Authentication Bypass in Related Digital's Related Marketing Cloud (RMC)
Weaknesses CWE-290
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N'}

Subscriptions

Hedef Media Related Marketing Cloud (rmc)
cve-icon MITRE

Status: PUBLISHED

Assigner: TR-CERT

Published:

Updated: 2026-06-12T16:02:06.341Z

Reserved: 2026-04-08T12:59:13.701Z

Link: CVE-2026-5792

cve-icon Vulnrichment

Updated: 2026-06-12T16:02:01.209Z

cve-icon NVD

Status : Deferred

Published: 2026-06-12T16:16:34.240

Modified: 2026-06-12T16:17:58.070

Link: CVE-2026-5792

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-12T20:20:09Z

Weaknesses
  • CWE-290

    Authentication Bypass by Spoofing