Vendor CVEs
Avaya
All CVEs
156 total · sorted by risk

| CVE | Risk | CVSS | EPSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2024-7480 | 0.00 | — | 0.00 | Aug 8, 2024 | An Improper access control vulnerability was found in Avaya Aura System Manager which could allow a command-line interface (CLI) user with administrative privileges to read arbitrary files on the system. Affected versions include 10.1.x.x and 10.2.x.x. Versions prior to 10.1… | |||
| CVE-2024-7477 | 0.00 | — | 0.00 | Aug 8, 2024 | A SQL injection vulnerability was found which could allow a command line interface (CLI) user with administrative privileges to execute arbitrary queries against the Avaya Aura System Manager database. Affected versions include 10.1.x.x and 10.2.x.x. Versions prior to 10.1… | |||
| CVE-2024-4197 | 0.00 | — | 0.01 | Jun 25, 2024 | An unrestricted file upload vulnerability in Avaya IP Office was discovered that could allow remote command or code execution via the One-X component. Affected versions include all versions prior to 11.1.3.1. | |||
| CVE-2024-4196 | 0.00 | — | 0.01 | Jun 25, 2024 | An improper input validation vulnerability was discovered in Avaya IP Office that could allow remote command or code execution via a specially crafted web request to the Web Control component. Affected versions include all versions prior to 11.1.3.1. | |||
| CVE-2023-7031 | 0.00 | — | 0.00 | Jan 17, 2024 | Insecure Direct Object Reference vulnerabilities were discovered in the Avaya Aura Experience Portal Manager which may allow partial information disclosure to an authenticated non-privileged user. Affected versions include 8.0.x and 8.1.x, prior to 8.1.2 patch 0402. Versions… | |||
| CVE-2023-3527 | 0.00 | — | 0.01 | Jul 18, 2023 | A CSV injection vulnerability was found in the Avaya Call Management System (CMS) Supervisor web application which allows a user with administrative privileges to input crafted data which, when exported to a CSV file, may attempt arbitrary command execution on the system used… | |||
| CVE-2023-31187 | 0.00 | — | 0.00 | May 30, 2023 | Avaya IX Workforce Engagement v15.2.7.1195 - CWE-522: Insufficiently Protected Credentials | |||
| CVE-2023-31186 | 0.00 | — | 0.00 | May 30, 2023 | Avaya IX Workforce Engagement v15.2.7.1195 - User Enumeration - Observable Response Discrepancy | |||
| CVE-2023-32218 | 0.00 | — | 0.00 | May 30, 2023 | Avaya IX Workforce Engagement v15.2.7.1195 - CWE-601: URL Redirection to Untrusted Site ('Open Redirect') | |||
| CVE-2022-40016 | 0.00 | — | 0.01 | Feb 15, 2023 | Use After Free (UAF) vulnerability in ireader media-server before commit 3e0f63f1d3553f75c7d4eb32fa7c7a1976a9ff84 in librtmp, allows attackers to cause a denial of service. | |||
| CVE-2021-33959 | 0.00 | — | 0.15 | Jan 18, 2023 | Plex media server 1.21 and before is vulnerable to a DDoS reflection attack via plex service. | |||
| CVE-2023-21890 | 0.00 | — | 0.01 | Jan 17, 2023 | Vulnerability in the Oracle Communications Converged Application Server product of Oracle Communications (component: Core). Supported versions that are affected are 7.1.0 and 8.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via UDP to… | |||
| CVE-2022-38168 | 0.00 | — | 0.01 | Nov 3, 2022 | Broken Access Control in User Authentication in Avaya Scopia Pathfinder 10 and 20 PTS version 8.3.7.0.4 allows remote unauthenticated attackers to bypass the login page, access sensitive information, and reset user passwords via URL modification. | |||
| CVE-2022-2249 | 0.00 | — | 0.00 | Oct 12, 2022 | Privilege escalation related vulnerabilities were discovered in Avaya Aura Communication Manager that may allow local administrative users to escalate their privileges. This issue affects Communication Manager versions 8.0.0.0 through 8.1.3.3 and 10.1.0.0. | |||
| CVE-2022-35299 | 0.00 | — | 0.01 | Oct 11, 2022 | SAP SQL Anywhere - version 17.0, and SAP IQ - version 16.1, allows an attacker to leverage logical errors in memory management to cause a memory corruption, such as Stack-based buffer overflow. | |||
| CVE-2022-2975 | 0.00 | — | 0.00 | Oct 6, 2022 | A vulnerability related to weak permissions was detected in Avaya Aura Application Enablement Services web application, allowing an administrative user to modify accounts leading to execution of arbitrary code as the root user. This issue affects Application Enablement Services… | |||
| CVE-2021-25657 | 0.00 | — | 0.00 | Sep 2, 2022 | A privilege escalation vulnerability was discovered in Avaya IP Office Admin Lite and USB Creator that may potentially allow a local user to escalate privileges. This issue affects Admin Lite and USB Creator 11.1 Feature Pack 2 Service Pack 1 and earlier versions. | |||
| CVE-2022-27614 | 0.00 | — | 0.01 | Jul 28, 2022 | Exposure of sensitive information to an unauthorized actor vulnerability in web server in Synology Media Server before 1.8.1-2876 allows remote attackers to obtain sensitive information via unspecified vectors. | |||
| CVE-2022-34902 | 0.00 | — | 0.00 | Jul 18, 2022 | This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Access 6.5.4 (39316) Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific… | |||
| CVE-2022-0835 | 0.00 | — | 0.00 | Apr 11, 2022 | AVEVA System Platform 2020 stores sensitive information in cleartext, which may allow access to an attacker or a low-privileged user. | |||
| CVE-2021-33008 | 0.00 | — | 0.01 | Apr 4, 2022 | AVEVA System Platform versions 2017 through 2020 R2 P01 does not perform any authentication for functionality that requires a provable user identity. | |||
| CVE-2021-32981 | 0.00 | — | 0.01 | Apr 4, 2022 | AVEVA System Platform versions 2017 through 2020 R2 P01 uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within… | |||
| CVE-2021-32985 | 0.00 | — | 0.00 | Apr 4, 2022 | AVEVA System Platform versions 2017 through 2020 R2 P01 does not properly verify that the source of data or communication is valid. | |||
| CVE-2021-33010 | 0.00 | — | 0.01 | Apr 4, 2022 | An exception is thrown from a function in AVEVA System Platform versions 2017 through 2020 R2 P01, but it is not caught, which may cause a denial-of-service condition. | |||
| CVE-2021-32977 | 0.00 | — | 0.01 | Apr 4, 2022 | AVEVA System Platform versions 2017 through 2020 R2 P01 does not verify, or incorrectly verifies, the cryptographic signature for data. | |||
| CVE-2021-25654 | 0.00 | — | 0.01 | Jun 25, 2021 | An arbitrary code execution vulnerability was discovered in Avaya Aura Device Services that may potentially allow a local user to execute specially crafted scripts. Affects 7.0 through 8.1.4.0 versions of Avaya Aura Device Services. | |||
| CVE-2021-25656 | 0.00 | — | 0.00 | Jun 24, 2021 | Stored XSS injection vulnerabilities were discovered in the Avaya Aura Experience Portal Web management which could allow an authenticated user to potentially disclose sensitive information. Affected versions include 7.0 through 7.2.3 (without hotfix) and 8.0.0 (without hotfix). | |||
| CVE-2021-25655 | 0.00 | — | 0.00 | Jun 24, 2021 | A vulnerability in the system Service Menu component of Avaya Aura Experience Portal may allow URL Redirection to any untrusted site through a crafted attack. Affected versions include 7.0 through 7.2.3 (without hotfix) and 8.0.0 (without hotfix). | |||
| CVE-2021-25653 | 0.00 | — | 0.01 | Jun 24, 2021 | A privilege escalation vulnerability was discovered in Avaya Aura Appliance Virtualization Platform Utilities (AVPU) that may potentially allow a local user to escalate privileges. Affects 8.0.0.0 through 8.1.3.1 versions of AVPU. | |||
| CVE-2021-25652 | 0.00 | — | 0.01 | Jun 24, 2021 | An information disclosure vulnerability was discovered in the directory and file management of Avaya Aura Appliance Virtualization Platform Utilities (AVPU). This vulnerability may potentially allow any local user to access system functionality and configuration information that… | |||
| CVE-2021-25651 | 0.00 | — | 0.00 | Jun 24, 2021 | A privilege escalation vulnerability was discovered in Avaya Aura Utility Services that may potentially allow a local user to escalate privileges. Affects all 7.x versions of Avaya Aura Utility Services | |||
| CVE-2021-25650 | 0.00 | — | 0.01 | Jun 24, 2021 | A privilege escalation vulnerability was discovered in Avaya Aura Utility Services that may potentially allow a local user to execute specially crafted scripts as a privileged user. Affects all 7.x versions of Avaya Aura Utility Services | |||
| CVE-2021-25649 | 0.00 | — | 0.01 | Jun 24, 2021 | An information disclosure vulnerability was discovered in the directory and file management of Avaya Aura Utility Services. This vulnerability may potentially allow any local user to access system functionality and configuration information that should only be available to a… | |||
| CVE-2021-34808 | 0.00 | — | 0.01 | Jun 18, 2021 | Server-Side Request Forgery (SSRF) vulnerability in cgi component in Synology Media Server before 1.8.3-2881 allows remote attackers to access intranet resources via unspecified vectors. | |||
| CVE-2020-7038 | 0.00 | — | 0.01 | Apr 28, 2021 | A vulnerability was discovered in Management component of Avaya Equinox Conferencing that could potentially allow an unauthenticated, remote attacker to gain access to screen sharing and whiteboard sessions. The affected versions of Management component of Avaya Equinox… | |||
| CVE-2020-7037 | 0.00 | — | 0.01 | Apr 28, 2021 | An XML External Entities (XXE) vulnerability in Media Server component of Avaya Equinox Conferencing could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system or even potentially lead to a denial of service. The… | |||
| CVE-2020-7036 | 0.00 | — | 0.01 | Apr 23, 2021 | An XML External Entities (XXE) vulnerability in Callback Assist could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system. The affected versions of Callback Assist include all 4.0.x versions before 4.7.1.1 Patch 7. | |||
| CVE-2020-7035 | 0.00 | — | 0.01 | Apr 23, 2021 | An XML External Entities (XXE) vulnerability in the web-based user interface of Avaya Aura Orchestration Designer could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system. The affected versions of Orchestration Designer… | |||
| CVE-2020-7032 | 0.00 | — | 0.04 | Nov 13, 2020 | An XML external entity (XXE) vulnerability in Avaya WebLM admin interface allows authenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request. Affected versions of Avaya WebLM include: 7.0 through 7.1.3.6… | |||
| CVE-2020-7033 | 0.00 | — | 0.01 | Nov 12, 2020 | A Cross Site Scripting (XSS) vulnerability on the Unified Portal Client (web client) used in Avaya Equinox Conferencing can allow an authenticated user to perform XSS attacks. The affected versions of Equinox Conferencing include all 9.x versions before 9.1.10. | |||
| CVE-2020-7029 | 0.00 | — | 0.00 | Aug 11, 2020 | A Cross-Site Request Forgery (CSRF) vulnerability was discovered in the System Management Interface Web component of Avaya Aura Communication Manager and Avaya Aura Messaging. This vulnerability could allow an unauthenticated remote attacker to perform Web administration actions… | |||
| CVE-2019-7005 | 0.00 | — | 0.01 | Aug 7, 2020 | A vulnerability was discovered in the web interface component of IP Office that may potentially allow a remote, unauthenticated user with network access to gain sensitive information. Affected versions of IP Office include: 9.x, 10.0 through 10.1.0.7 and 11.0 through 11.0.4.2. | |||
| CVE-2019-7007 | 0.00 | — | 0.02 | Feb 28, 2020 | A directory traversal vulnerability has been found in the Avaya Equinox Management (iView) versions R9.1.9.0 and earlier. Successful exploitation could potentially allow an unauthenticated attacker to access files that are outside the restricted directory on the remote server. | |||
| CVE-2019-7000 | 0.00 | — | 0.01 | Jul 31, 2019 | A Cross-Site Scripting (XSS) vulnerability in the Web UI of Avaya Aura Conferencing may allow code execution and potentially disclose sensitive information. Affected versions of Avaya Aura Conferencing include all 8.x versions prior to 8.0 SP14 (8.0.14). Prior versions not… | |||
| CVE-2019-7001 | 0.00 | — | 0.01 | Apr 4, 2019 | A SQL injection vulnerability in the WebUI component of IP Office Contact Center could allow an authenticated attacker to retrieve or alter sensitive data related to other users on the system. Affected versions of IP Office Contact Center include all 9.x and 10.x versions prior… | |||
| CVE-2019-6599 | 0.00 | — | 0.01 | Mar 13, 2019 | In BIG-IP 11.6.1-11.6.3.2 or 11.5.1-11.5.8, or Enterprise Manager 3.1.1, improper escaping of values in an undisclosed page of the configuration utility may result with an improper handling on the JSON response when it is injected by a malicious script via a remote cross-site… | |||
| CVE-2019-6597 | 0.00 | — | 0.01 | Mar 13, 2019 | In BIG-IP 13.0.0-13.1.1.1, 12.1.0-12.1.3.7, 11.6.1-11.6.3.2, or 11.5.1-11.5.8 or Enterprise Manager 3.1.1, when authenticated administrative users run commands in the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, restrictions on… | |||
| CVE-2019-6598 | 0.00 | — | 0.01 | Mar 13, 2019 | In BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 11.6.1-11.6.3.2, or 11.5.1-11.5.8 or Enterprise Manager 3.1.1, malformed requests to the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, may lead to disruption of TMUI… | |||
| CVE-2019-7006 | 0.00 | — | 0.00 | Feb 27, 2019 | Avaya one-X Communicator uses weak cryptographic algorithms in the client authentication component that could allow a local attacker to decrypt sensitive information. Affected versions include all 6.2.x versions prior to 6.2 SP13. | |||
| CVE-2018-15617 | 0.00 | — | 0.02 | Feb 1, 2019 | A vulnerability in the "capro" (Call Processor) process component of Avaya Aura Communication Manager could allow a remote, unauthenticated user to cause denial of service. Affected versions include 6.3.x, all 7.x versions prior to 7.1.3.2, and all 8.x versions prior to 8.0.1. |

Page 2 of 4