VYPR
Get started
← All advisories
Unrated severityNVD Advisory· Published Apr 10, 2009· Updated Apr 23, 2026

CVE-2008-6707

CVE-2008-6707

Description

The Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, does not perform authentication for certain functionality, which allows remote attackers to obtain sensitive information and access restricted functionality via (1) the certificate installation utility, (2) unspecified scripts in the objects folder, (3) an "unnecessary default application," (4) unspecified scripts in the states folder, (5) an unspecified "default application" that lists server configuration, and (6) "full system help."

Affected products

13
  • Avaya/Communication Manager9 versions
    cpe:2.3:a:avaya:communication_manager:3.1:*:*:*:*:*:*:*+ 8 more
    • cpe:2.3:a:avaya:communication_manager:3.1:*:*:*:*:*:*:*
    • cpe:2.3:a:avaya:communication_manager:3.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:avaya:communication_manager:3.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:avaya:communication_manager:3.1.3:*:*:*:*:*:*:*
    • cpe:2.3:a:avaya:communication_manager:3.1.4:*:*:*:*:*:*:*
    • cpe:2.3:a:avaya:communication_manager:3.1.4:sp1:*:*:*:*:*:*
    • cpe:2.3:a:avaya:communication_manager:3.1.4:sp2:*:*:*:*:*:*
    • cpe:2.3:a:avaya:communication_manager:3.1.5:*:*:*:*:*:*:*
    • cpe:2.3:a:avaya:communication_manager:3.1.5:sp0:*:*:*:*:*:*
  • Avaya/Sip Enablement Services4 versions
    cpe:2.3:a:avaya:sip_enablement_services:3.0:*:*:*:*:*:*:*+ 3 more
    • cpe:2.3:a:avaya:sip_enablement_services:3.0:*:*:*:*:*:*:*
    • cpe:2.3:a:avaya:sip_enablement_services:3.1:*:*:*:*:*:*:*
    • cpe:2.3:a:avaya:sip_enablement_services:3.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:avaya:sip_enablement_services:4.0:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

19

News mentions

0

No linked articles in our index yet.