VYPR
Unrated severityNVD Advisory· Published Aug 11, 2020· Updated Sep 16, 2024

Avaya Product System Management Interface Cross-Site Request Forgery Vulnerability

CVE-2020-7029

Description

A Cross-Site Request Forgery (CSRF) vulnerability was discovered in the System Management Interface Web component of Avaya Aura Communication Manager and Avaya Aura Messaging. This vulnerability could allow an unauthenticated remote attacker to perform Web administration actions with the privileged level of the authenticated user. Affected versions of Communication Manager are 7.0.x, 7.1.x prior to 7.1.3.5 and 8.0.x. Affected versions of Messaging are 7.0.x, 7.1 and 7.1 SP1.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

4
  • Avaya/Aura Messagingllm-create2 versions
    7.0.x, 7.1, 7.1 SP1+ 1 more
    • (no CPE)range: 7.0.x, 7.1, 7.1 SP1
    • (no CPE)range: 7.0
  • >=7.0.0, <7.1.3.5 for 7.1.x; all 7.0.x, 8.0.x+ 1 more
    • (no CPE)range: >=7.0.0, <7.1.3.5 for 7.1.x; all 7.0.x, 8.0.x
    • (no CPE)range: 8.0.x

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.