Filtered by vendor Avaya
Total: 19 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-3527 | 1 Avaya | 1 Call Management System | 2023-07-28 | N/A | 6.8 MEDIUM |
| A CSV injection vulnerability was found in the Avaya Call Management System (CMS) Supervisor web application which allows a user with administrative privileges to input crafted data which, when exported to a CSV file, may attempt arbitrary command execution on the system used to open the file by a spreadsheet software such as Microsoft Excel. | |||||
| CVE-2019-7006 | 1 Avaya | 1 One-x Communicator | 2022-01-01 | 2.1 LOW | 5.5 MEDIUM |
| Avaya one-X Communicator uses weak cryptographic algorithms in the client authentication component that could allow a local attacker to decrypt sensitive information. Affected versions include all 6.2.x versions prior to 6.2 SP13. | |||||
| CVE-2021-25655 | 1 Avaya | 1 Aura Experience Portal | 2021-06-30 | 5.8 MEDIUM | 6.1 MEDIUM |
| A vulnerability in the system Service Menu component of Avaya Aura Experience Portal may allow URL Redirection to any untrusted site through a crafted attack. Affected versions include 7.0 through 7.2.3 (without hotfix) and 8.0.0 (without hotfix). | |||||
| CVE-2021-25656 | 1 Avaya | 1 Aura Experience Portal | 2021-06-30 | 3.5 LOW | 5.4 MEDIUM |
| Stored XSS injection vulnerabilities were discovered in the Avaya Aura Experience Portal Web management which could allow an authenticated user to potentially disclose sensitive information. Affected versions include 7.0 through 7.2.3 (without hotfix) and 8.0.0 (without hotfix). | |||||
| CVE-2021-25652 | 1 Avaya | 1 Aura Appliance Virtualization Platform | 2021-06-30 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability was discovered in the directory and file management of Avaya Aura Appliance Virtualization Platform Utilities (AVPU). This vulnerability may potentially allow any local user to access system functionality and configuration information that should only be available to a privileged user. Affects versions 8.0.0.0 through 8.1.3.1 of AVPU. | |||||
| CVE-2021-25649 | 1 Avaya | 1 Aura Utility Services | 2021-06-29 | 2.1 LOW | 5.5 MEDIUM |
| ** UNSUPPORTED WHEN ASSIGNED ** An information disclosure vulnerability was discovered in the directory and file management of Avaya Aura Utility Services. This vulnerability may potentially allow any local user to access system functionality and configuration information that should only be available to a privileged user. Affects all 7.x versions of Avaya Aura Utility Services. | |||||
| CVE-2020-7036 | 1 Avaya | 1 Callback Assist | 2021-04-30 | 4.0 MEDIUM | 6.5 MEDIUM |
| An XML External Entities (XXE) vulnerability in Callback Assist could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system. The affected versions of Callback Assist include all 4.0.x versions before 4.7.1.1 Patch 7. | |||||
| CVE-2020-7035 | 1 Avaya | 1 Aura Orchestration Designer | 2021-04-30 | 4.0 MEDIUM | 6.5 MEDIUM |
| An XML External Entities (XXE) vulnerability in the web-based user interface of Avaya Aura Orchestration Designer could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system. The affected versions of Orchestration Designer include all 7.x versions before 7.2.3. | |||||
| CVE-2020-7032 | 1 Avaya | 2 Aura System Manager, Weblm | 2021-01-12 | 5.5 MEDIUM | 6.5 MEDIUM |
| An XML external entity (XXE) vulnerability in Avaya WebLM admin interface allows authenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request. Affected versions of Avaya WebLM include: 7.0 through 7.1.3.6 and 8.0 through 8.1.2. | |||||
| CVE-2020-7033 | 1 Avaya | 1 Equinox Conferencing | 2020-11-29 | 3.5 LOW | 5.4 MEDIUM |
| A Cross Site Scripting (XSS) vulnerability on the Unified Portal Client (web client) used in Avaya Equinox Conferencing can allow an authenticated user to perform XSS attacks. The affected versions of Equinox Conferencing include all 9.x versions before 9.1.10. | |||||
| CVE-2010-2942 | 6 Avaya, Canonical, Linux and 3 more | 13 Aura Communication Manager, Aura Presence Services, Aura Session Manager and 10 more | 2020-08-11 | 2.1 LOW | 5.5 MEDIUM |
| The actions implementation in the network queueing functionality in the Linux kernel before 2.6.36-rc2 does not properly initialize certain structure members when performing dump operations, which allows local users to obtain potentially sensitive information from kernel memory via vectors related to (1) the tcf_gact_dump function in net/sched/act_gact.c, (2) the tcf_mirred_dump function in net/sched/act_mirred.c, (3) the tcf_nat_dump function in net/sched/act_nat.c, (4) the tcf_simp_dump function in net/sched/act_simple.c, and (5) the tcf_skbedit_dump function in net/sched/act_skbedit.c. | |||||
| CVE-2011-4112 | 2 Avaya, Linux | 13 9608, 9608 Firmware, 9608g and 10 more | 2020-07-29 | 4.9 MEDIUM | 5.5 MEDIUM |
| The net subsystem in the Linux kernel before 3.1 does not properly restrict use of the IFF_TX_SKB_SHARING flag, which allows local users to cause a denial of service (panic) by leveraging the CAP_NET_ADMIN capability to access /proc/net/pktgen/pgctrl, and then using the pktgen package in conjunction with a bridge device for a VLAN interface. | |||||
| CVE-2020-7030 | 1 Avaya | 1 Ip Office | 2020-06-09 | 2.1 LOW | 5.5 MEDIUM |
| A sensitive information disclosure vulnerability was discovered in the web interface component of IP Office that may potentially allow a local user to gain unauthorized access to the component. Affected versions of IP Office include: 9.x, 10.0 through 10.1.0.7 and 11.0 through 11.0.4.3. | |||||
| CVE-2019-7004 | 1 Avaya | 1 Ip Office Application Server | 2020-02-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Cross-Site Scripting (XSS) vulnerability in the WebUI component of IP Office Application Server could allow unauthorized code execution and potentially disclose sensitive information. All product versions 11.x are affected. Product versions prior to 11.0, including unsupported versions, were not evaluated. | |||||
| CVE-2019-7000 | 1 Avaya | 1 Aura Conferencing | 2019-10-09 | 5.8 MEDIUM | 6.1 MEDIUM |
| A Cross-Site Scripting (XSS) vulnerability in the Web UI of Avaya Aura Conferencing may allow code execution and potentially disclose sensitive information. Affected versions of Avaya Aura Conferencing include all 8.x versions prior to 8.0 SP14 (8.0.14). Prior versions not listed were not evaluated. | |||||
| CVE-2018-15611 | 1 Avaya | 1 Aura Communication Manager | 2019-10-09 | 7.2 HIGH | 6.7 MEDIUM |
| A vulnerability in the local system administration component of Avaya Aura Communication Manager can allow an authenticated, privileged user on the local system to gain root privileges. Affected versions include 6.3.x and all 7.x versions prior to 7.1.3.1. | |||||
| CVE-2018-15614 | 1 Avaya | 1 Ip Office | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| A vulnerability in the one-x Portal component of IP Office could allow an authenticated user to perform stored cross site scripting attacks via fields in the Conference Scheduler Service that could affect other application users. Affected versions of IP Office include 10.0 through 10.1 SP3 and 11.0 versions prior to 11.0 SP1. | |||||
| CVE-2018-15615 | 1 Avaya | 1 Call Management System Supervisor | 2019-10-09 | 2.1 LOW | 4.4 MEDIUM |
| A vulnerability in the Supervisor component of Avaya Call Management System allows a local administrative user to extract sensitive information from users connecting to a remote CMS host. Affected versions of CMS Supervisor include R17.0.x and R18.0.x. | |||||
| CVE-2018-15613 | 1 Avaya | 1 Aura Orchestration Designer | 2019-10-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the Runtime Config component of Avaya Aura Orchestration Designer could result in malicious content being returned to the user. Affected versions of Avaya Aura Orchestration Designer include all versions up to 7.2.1. | |||||
