Vendor CVEs

Avaya

All CVEs

156 total · sorted by risk
  • CVE-2024-7480 · Aug 8, 2024
    risk 0.00 · cvss · epss 0.00

    An improper access control vulnerability was found in Avaya Aura System Manager which could allow a command-line interface (CLI) user with administrative privileges to read arbitrary files on the system. Affected versions include 10.1.x.x and 10.2.x.x. Versions prior to 10.1…

  • CVE-2024-7477 · Aug 8, 2024
    risk 0.00 · cvss · epss 0.00

    A SQL injection vulnerability was found which could allow a command-line interface (CLI) user with administrative privileges to execute arbitrary queries against the Avaya Aura System Manager database. Affected versions include 10.1.x.x and 10.2.x.x. Versions prior to 10.1…

  • CVE-2024-4197 · Jun 25, 2024
    risk 0.00 · cvss · epss 0.01

    An unrestricted file upload vulnerability in Avaya IP Office was discovered that could allow remote command or code execution via the One-X component. Affected versions include all versions prior to 11.1.3.1.

  • CVE-2024-4196 · Jun 25, 2024
    risk 0.00 · cvss · epss 0.01

    An improper input validation vulnerability was discovered in Avaya IP Office that could allow remote command or code execution via a specially crafted web request to the Web Control component. Affected versions include all versions prior to 11.1.3.1.

  • CVE-2023-7031 · Jan 17, 2024
    risk 0.00 · cvss · epss 0.00

    Insecure Direct Object Reference vulnerabilities were discovered in the Avaya Aura Experience Portal Manager which may allow partial information disclosure to an authenticated non-privileged user. Affected versions include 8.0.x and 8.1.x, prior to 8.1.2 patch 0402. Versions…

  • CVE-2023-3527 · Jul 18, 2023
    risk 0.00 · cvss · epss 0.01

    A CSV injection vulnerability was found in the Avaya Call Management System (CMS) Supervisor web application which allows a user with administrative privileges to input crafted data which, when exported to a CSV file, may attempt arbitrary command execution on the system used…

  • CVE-2023-31187 · May 30, 2023
    risk 0.00 · cvss · epss 0.00

    Avaya IX Workforce Engagement v15.2.7.1195 - CWE-522: Insufficiently Protected Credentials

  • CVE-2023-31186 · May 30, 2023
    risk 0.00 · cvss · epss 0.00

    Avaya IX Workforce Engagement v15.2.7.1195 - User Enumeration - Observable Response Discrepancy

  • CVE-2023-32218 · May 30, 2023
    risk 0.00 · cvss · epss 0.00

    Avaya IX Workforce Engagement v15.2.7.1195 - CWE-601: URL Redirection to Untrusted Site ('Open Redirect')

  • CVE-2022-40016 · Feb 15, 2023
    risk 0.00 · cvss · epss 0.01

    Use After Free (UAF) vulnerability in ireader media-server before commit 3e0f63f1d3553f75c7d4eb32fa7c7a1976a9ff84 in librtmp, allows attackers to cause a denial of service.

  • CVE-2021-33959 · Jan 18, 2023
    risk 0.00 · cvss · epss 0.15

    Plex Media Server 1.21 and before is vulnerable to a DDoS reflection attack via the Plex service.

  • CVE-2023-21890 · Jan 17, 2023
    risk 0.00 · cvss · epss 0.01

    Vulnerability in the Oracle Communications Converged Application Server product of Oracle Communications (component: Core). Supported versions that are affected are 7.1.0 and 8.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via UDP to…

  • CVE-2022-38168 · Nov 3, 2022
    risk 0.00 · cvss · epss 0.01

    Broken Access Control in User Authentication in Avaya Scopia Pathfinder 10 and 20 PTS version 8.3.7.0.4 allows remote unauthenticated attackers to bypass the login page, access sensitive information, and reset user passwords via URL modification.

  • CVE-2022-2249 · Oct 12, 2022
    risk 0.00 · cvss · epss 0.00

    Privilege escalation related vulnerabilities were discovered in Avaya Aura Communication Manager that may allow local administrative users to escalate their privileges. This issue affects Communication Manager versions 8.0.0.0 through 8.1.3.3 and 10.1.0.0.

  • CVE-2022-35299 · Oct 11, 2022
    risk 0.00 · cvss · epss 0.01

    SAP SQL Anywhere - version 17.0, and SAP IQ - version 16.1, allows an attacker to leverage logical errors in memory management to cause a memory corruption, such as Stack-based buffer overflow.

  • CVE-2022-2975 · Oct 6, 2022
    risk 0.00 · cvss · epss 0.00

    A vulnerability related to weak permissions was detected in Avaya Aura Application Enablement Services web application, allowing an administrative user to modify accounts leading to execution of arbitrary code as the root user. This issue affects Application Enablement Services…

  • CVE-2021-25657 · Sep 2, 2022
    risk 0.00 · cvss · epss 0.00

    A privilege escalation vulnerability was discovered in Avaya IP Office Admin Lite and USB Creator that may potentially allow a local user to escalate privileges. This issue affects Admin Lite and USB Creator 11.1 Feature Pack 2 Service Pack 1 and earlier versions.

  • CVE-2022-27614 · Jul 28, 2022
    risk 0.00 · cvss · epss 0.01

    Exposure of sensitive information to an unauthorized actor vulnerability in web server in Synology Media Server before 1.8.1-2876 allows remote attackers to obtain sensitive information via unspecified vectors.

  • CVE-2022-34902 · Jul 18, 2022
    risk 0.00 · cvss · epss 0.00

    This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Access 6.5.4 (39316) Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific…

  • CVE-2022-0835 · Apr 11, 2022
    risk 0.00 · cvss · epss 0.00

    AVEVA System Platform 2020 stores sensitive information in cleartext, which may allow access to an attacker or a low-privileged user.

  • CVE-2021-33008 · Apr 4, 2022
    risk 0.00 · cvss · epss 0.01

    AVEVA System Platform versions 2017 through 2020 R2 P01 do not perform any authentication for functionality that requires a provable user identity.

  • CVE-2021-32981 · Apr 4, 2022
    risk 0.00 · cvss · epss 0.01

    AVEVA System Platform versions 2017 through 2020 R2 P01 use external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within…

  • CVE-2021-32985 · Apr 4, 2022
    risk 0.00 · cvss · epss 0.00

    AVEVA System Platform versions 2017 through 2020 R2 P01 do not properly verify that the source of data or communication is valid.

  • CVE-2021-33010 · Apr 4, 2022
    risk 0.00 · cvss · epss 0.01

    An exception is thrown from a function in AVEVA System Platform versions 2017 through 2020 R2 P01, but it is not caught, which may cause a denial-of-service condition.

  • CVE-2021-32977 · Apr 4, 2022
    risk 0.00 · cvss · epss 0.01

    AVEVA System Platform versions 2017 through 2020 R2 P01 do not verify, or incorrectly verify, the cryptographic signature for data.

  • CVE-2021-25654 · Jun 25, 2021
    risk 0.00 · cvss · epss 0.01

    An arbitrary code execution vulnerability was discovered in Avaya Aura Device Services that may potentially allow a local user to execute specially crafted scripts. Affects 7.0 through 8.1.4.0 versions of Avaya Aura Device Services.

  • CVE-2021-25656 · Jun 24, 2021
    risk 0.00 · cvss · epss 0.00

    Stored XSS injection vulnerabilities were discovered in the Avaya Aura Experience Portal Web management which could allow an authenticated user to potentially disclose sensitive information. Affected versions include 7.0 through 7.2.3 (without hotfix) and 8.0.0 (without hotfix).

  • CVE-2021-25655 · Jun 24, 2021
    risk 0.00 · cvss · epss 0.00

    A vulnerability in the system Service Menu component of Avaya Aura Experience Portal may allow URL Redirection to any untrusted site through a crafted attack. Affected versions include 7.0 through 7.2.3 (without hotfix) and 8.0.0 (without hotfix).

  • CVE-2021-25653 · Jun 24, 2021
    risk 0.00 · cvss · epss 0.01

    A privilege escalation vulnerability was discovered in Avaya Aura Appliance Virtualization Platform Utilities (AVPU) that may potentially allow a local user to escalate privileges. Affects 8.0.0.0 through 8.1.3.1 versions of AVPU.

  • CVE-2021-25652 · Jun 24, 2021
    risk 0.00 · cvss · epss 0.01

    An information disclosure vulnerability was discovered in the directory and file management of Avaya Aura Appliance Virtualization Platform Utilities (AVPU). This vulnerability may potentially allow any local user to access system functionality and configuration information that…

  • CVE-2021-25651 · Jun 24, 2021
    risk 0.00 · cvss · epss 0.00

    A privilege escalation vulnerability was discovered in Avaya Aura Utility Services that may potentially allow a local user to escalate privileges. Affects all 7.x versions of Avaya Aura Utility Services.

  • CVE-2021-25650 · Jun 24, 2021
    risk 0.00 · cvss · epss 0.01

    A privilege escalation vulnerability was discovered in Avaya Aura Utility Services that may potentially allow a local user to execute specially crafted scripts as a privileged user. Affects all 7.x versions of Avaya Aura Utility Services.

  • CVE-2021-25649 · Jun 24, 2021
    risk 0.00 · cvss · epss 0.01

    An information disclosure vulnerability was discovered in the directory and file management of Avaya Aura Utility Services. This vulnerability may potentially allow any local user to access system functionality and configuration information that should only be available to a…

  • CVE-2021-34808 · Jun 18, 2021
    risk 0.00 · cvss · epss 0.01

    Server-Side Request Forgery (SSRF) vulnerability in cgi component in Synology Media Server before 1.8.3-2881 allows remote attackers to access intranet resources via unspecified vectors.

  • CVE-2020-7038 · Apr 28, 2021
    risk 0.00 · cvss · epss 0.01

    A vulnerability was discovered in Management component of Avaya Equinox Conferencing that could potentially allow an unauthenticated, remote attacker to gain access to screen sharing and whiteboard sessions. The affected versions of Management component of Avaya Equinox…

  • CVE-2020-7037 · Apr 28, 2021
    risk 0.00 · cvss · epss 0.01

    An XML External Entities (XXE) vulnerability in Media Server component of Avaya Equinox Conferencing could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system or even potentially lead to a denial of service. The…

  • CVE-2020-7036 · Apr 23, 2021
    risk 0.00 · cvss · epss 0.01

    An XML External Entities (XXE) vulnerability in Callback Assist could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system. The affected versions of Callback Assist include all 4.0.x versions before 4.7.1.1 Patch 7.

  • CVE-2020-7035 · Apr 23, 2021
    risk 0.00 · cvss · epss 0.01

    An XML External Entities (XXE) vulnerability in the web-based user interface of Avaya Aura Orchestration Designer could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system. The affected versions of Orchestration Designer…

  • CVE-2020-7032 · Nov 13, 2020
    risk 0.00 · cvss · epss 0.04

    An XML external entity (XXE) vulnerability in Avaya WebLM admin interface allows authenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request. Affected versions of Avaya WebLM include: 7.0 through 7.1.3.6…

  • CVE-2020-7033 · Nov 12, 2020
    risk 0.00 · cvss · epss 0.01

    A Cross-Site Scripting (XSS) vulnerability on the Unified Portal Client (web client) used in Avaya Equinox Conferencing can allow an authenticated user to perform XSS attacks. The affected versions of Equinox Conferencing include all 9.x versions before 9.1.10.

  • CVE-2020-7029 · Aug 11, 2020
    risk 0.00 · cvss · epss 0.00

    A Cross-Site Request Forgery (CSRF) vulnerability was discovered in the System Management Interface Web component of Avaya Aura Communication Manager and Avaya Aura Messaging. This vulnerability could allow an unauthenticated remote attacker to perform Web administration actions…

  • CVE-2019-7005 · Aug 7, 2020
    risk 0.00 · cvss · epss 0.01

    A vulnerability was discovered in the web interface component of IP Office that may potentially allow a remote, unauthenticated user with network access to gain sensitive information. Affected versions of IP Office include: 9.x, 10.0 through 10.1.0.7 and 11.0 through 11.0.4.2.

  • CVE-2019-7007 · Feb 28, 2020
    risk 0.00 · cvss · epss 0.02

    A directory traversal vulnerability has been found in Avaya Equinox Management (iView) versions R9.1.9.0 and earlier. Successful exploitation could potentially allow an unauthenticated attacker to access files that are outside the restricted directory on the remote server.

  • CVE-2019-7000 · Jul 31, 2019
    risk 0.00 · cvss · epss 0.01

    A Cross-Site Scripting (XSS) vulnerability in the Web UI of Avaya Aura Conferencing may allow code execution and potentially disclose sensitive information. Affected versions of Avaya Aura Conferencing include all 8.x versions prior to 8.0 SP14 (8.0.14). Prior versions not…

  • CVE-2019-7001 · Apr 4, 2019
    risk 0.00 · cvss · epss 0.01

    A SQL injection vulnerability in the WebUI component of IP Office Contact Center could allow an authenticated attacker to retrieve or alter sensitive data related to other users on the system. Affected versions of IP Office Contact Center include all 9.x and 10.x versions prior…

  • CVE-2019-6599 · Mar 13, 2019
    risk 0.00 · cvss · epss 0.01

    In BIG-IP 11.6.1-11.6.3.2 or 11.5.1-11.5.8, or Enterprise Manager 3.1.1, improper escaping of values in an undisclosed page of the configuration utility may result with an improper handling on the JSON response when it is injected by a malicious script via a remote cross-site…

  • CVE-2019-6597 · Mar 13, 2019
    risk 0.00 · cvss · epss 0.01

    In BIG-IP 13.0.0-13.1.1.1, 12.1.0-12.1.3.7, 11.6.1-11.6.3.2, or 11.5.1-11.5.8 or Enterprise Manager 3.1.1, when authenticated administrative users run commands in the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, restrictions on…

  • CVE-2019-6598 · Mar 13, 2019
    risk 0.00 · cvss · epss 0.01

    In BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 11.6.1-11.6.3.2, or 11.5.1-11.5.8 or Enterprise Manager 3.1.1, malformed requests to the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, may lead to disruption of TMUI…

  • CVE-2019-7006 · Feb 27, 2019
    risk 0.00 · cvss · epss 0.00

    Avaya one-X Communicator uses weak cryptographic algorithms in the client authentication component that could allow a local attacker to decrypt sensitive information. Affected versions include all 6.2.x versions prior to 6.2 SP13.

  • CVE-2018-15617 · Feb 1, 2019
    risk 0.00 · cvss · epss 0.02

    A vulnerability in the "capro" (Call Processor) process component of Avaya Aura Communication Manager could allow a remote, unauthenticated user to cause denial of service. Affected versions include 6.3.x, all 7.x versions prior to 7.1.3.2, and all 8.x versions prior to 8.0.1.