VYPR
Get started
← All advisories
Unrated severityNVD Advisory· Published Apr 10, 2009· Updated Apr 23, 2026

CVE-2008-6706

CVE-2008-6706

Description

Multiple unspecified vulnerabilities in the Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, allow remote attackers to obtain (1) application server configuration, (2) database server configuration including encrypted passwords, (3) a system utility that decrypts "subscriber table passwords," (4) a system utility that decrypts database passwords, and (5) a system utility that encrypts "subscriber table passwords."

Affected products

13
  • Avaya/Communication Manager9 versions
    cpe:2.3:a:avaya:communication_manager:3.1:*:*:*:*:*:*:*+ 8 more
    • cpe:2.3:a:avaya:communication_manager:3.1:*:*:*:*:*:*:*
    • cpe:2.3:a:avaya:communication_manager:3.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:avaya:communication_manager:3.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:avaya:communication_manager:3.1.3:*:*:*:*:*:*:*
    • cpe:2.3:a:avaya:communication_manager:3.1.4:*:*:*:*:*:*:*
    • cpe:2.3:a:avaya:communication_manager:3.1.4:sp1:*:*:*:*:*:*
    • cpe:2.3:a:avaya:communication_manager:3.1.4:sp2:*:*:*:*:*:*
    • cpe:2.3:a:avaya:communication_manager:3.1.5:*:*:*:*:*:*:*
    • cpe:2.3:a:avaya:communication_manager:3.1.5:sp0:*:*:*:*:*:*
  • Avaya/Sip Enablement Services4 versions
    cpe:2.3:a:avaya:sip_enablement_services:3.0:*:*:*:*:*:*:*+ 3 more
    • cpe:2.3:a:avaya:sip_enablement_services:3.0:*:*:*:*:*:*:*
    • cpe:2.3:a:avaya:sip_enablement_services:3.1:*:*:*:*:*:*:*
    • cpe:2.3:a:avaya:sip_enablement_services:3.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:avaya:sip_enablement_services:4.0:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

14

News mentions

0

No linked articles in our index yet.