VYPR
Unrated severityNVD Advisory· Published Apr 10, 2009· Updated Jun 16, 2026

CVE-2008-6706

CVE-2008-6706

Description

Multiple unspecified vulnerabilities in the Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, allow remote attackers to obtain (1) application server configuration, (2) database server configuration including encrypted passwords, (3) a system utility that decrypts "subscriber table passwords," (4) a system utility that decrypts database passwords, and (5) a system utility that encrypts "subscriber table passwords."

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

15
  • cpe:2.3:a:avaya:communication_manager:3.1:*:*:*:*:*:*:*+ 9 more
    • cpe:2.3:a:avaya:communication_manager:3.1:*:*:*:*:*:*:*
    • cpe:2.3:a:avaya:communication_manager:3.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:avaya:communication_manager:3.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:avaya:communication_manager:3.1.3:*:*:*:*:*:*:*
    • cpe:2.3:a:avaya:communication_manager:3.1.4:*:*:*:*:*:*:*
    • cpe:2.3:a:avaya:communication_manager:3.1.4:sp1:*:*:*:*:*:*
    • cpe:2.3:a:avaya:communication_manager:3.1.4:sp2:*:*:*:*:*:*
    • cpe:2.3:a:avaya:communication_manager:3.1.5:*:*:*:*:*:*:*
    • cpe:2.3:a:avaya:communication_manager:3.1.5:sp0:*:*:*:*:*:*
    • (no CPE)range: 3.1.x
  • cpe:2.3:a:avaya:sip_enablement_services:3.0:*:*:*:*:*:*:*+ 4 more
    • cpe:2.3:a:avaya:sip_enablement_services:3.0:*:*:*:*:*:*:*
    • cpe:2.3:a:avaya:sip_enablement_services:3.1:*:*:*:*:*:*:*
    • cpe:2.3:a:avaya:sip_enablement_services:3.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:avaya:sip_enablement_services:4.0:*:*:*:*:*:*:*
    • (no CPE)range: 3.x and 4.0

Patches

Vulnerability mechanics

References

14

News mentions

0

No linked articles in our index yet.