Filtered by vendor Avaya
Subscribe
Total
132 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-25652 | 1 Avaya | 1 Aura Appliance Virtualization Platform | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability was discovered in the directory and file management of Avaya Aura Appliance Virtualization Platform Utilities (AVPU). This vulnerability may potentially allow any local user to access system functionality and configuration information that should only be available to a privileged user. Affects versions 8.0.0.0 through 8.1.3.1 of AVPU. | |||||
| CVE-2020-7035 | 1 Avaya | 1 Aura Orchestration Designer | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| An XML External Entities (XXE)vulnerability in the web-based user interface of Avaya Aura Orchestration Designer could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system. The affected versions of Orchestration Designer includes all 7.x versions before 7.2.3. | |||||
| CVE-2020-7036 | 1 Avaya | 1 Callback Assist | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| An XML External Entities (XXE)vulnerability in Callback Assist could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system. The affected versions of Callback Assist includes all 4.0.x versions before 4.7.1.1 Patch 7. | |||||
| CVE-2021-25654 | 1 Avaya | 1 Aura Device Services | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
| An arbitrary code execution vulnerability was discovered in Avaya Aura Device Services that may potentially allow a local user to execute specially crafted scripts. Affects 7.0 through 8.1.4.0 versions of Avaya Aura Device Services. | |||||
| CVE-2021-25653 | 1 Avaya | 1 Aura Appliance Virtualization Platform | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
| A privilege escalation vulnerability was discovered in Avaya Aura Appliance Virtualization Platform Utilities (AVPU) that may potentially allow a local user to escalate privileges. Affects 8.0.0.0 through 8.1.3.1 versions of AVPU. | |||||
| CVE-2021-25655 | 1 Avaya | 1 Aura Experience Portal | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
| A vulnerability in the system Service Menu component of Avaya Aura Experience Portal may allow URL Redirection to any untrusted site through a crafted attack. Affected versions include 7.0 through 7.2.3 (without hotfix) and 8.0.0 (without hotfix). | |||||
| CVE-2021-25656 | 1 Avaya | 1 Aura Experience Portal | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
| Stored XSS injection vulnerabilities were discovered in the Avaya Aura Experience Portal Web management which could allow an authenticated user to potentially disclose sensitive information. Affected versions include 7.0 through 7.2.3 (without hotfix) and 8.0.0 (without hotfix). | |||||
| CVE-2020-7034 | 1 Avaya | 1 Session Border Controller For Enterprise | 2023-12-10 | 9.0 HIGH | 8.8 HIGH |
| A command injection vulnerability in Avaya Session Border Controller for Enterprise could allow an authenticated, remote attacker to send specially crafted messages and execute arbitrary commands with the affected system privileges. Affected versions of Avaya Session Border Controller for Enterprise include 7.x, 8.0 through 8.1.1.x | |||||
| CVE-2020-7038 | 1 Avaya | 1 Equinox Conferencing | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability was discovered in Management component of Avaya Equinox Conferencing that could potentially allow an unauthenticated, remote attacker to gain access to screen sharing and whiteboard sessions. The affected versions of Management component of Avaya Equinox Conferencing include all 3.x versions before 3.17. Avaya Equinox Conferencing is now offered as Avaya Meetings Server. | |||||
| CVE-2020-7037 | 1 Avaya | 1 Equinox Conferencing | 2023-12-10 | 5.5 MEDIUM | 8.1 HIGH |
| An XML External Entities (XXE) vulnerability in Media Server component of Avaya Equinox Conferencing could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system or even potentially lead to a denial of service. The affected versions of Avaya Equinox Conferencing includes all 9.x versions before 9.1.11. Equinox Conferencing is now offered as Avaya Meetings Server. | |||||
| CVE-2020-7032 | 1 Avaya | 2 Aura System Manager, Weblm | 2023-12-10 | 5.5 MEDIUM | 6.5 MEDIUM |
| An XML external entity (XXE) vulnerability in Avaya WebLM admin interface allows authenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request. Affected versions of Avaya WebLM include: 7.0 through 7.1.3.6 and 8.0 through 8.1.2. | |||||
| CVE-2020-7033 | 1 Avaya | 1 Equinox Conferencing | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
| A Cross Site Scripting (XSS) Vulnerability on the Unified Portal Client (web client) used in Avaya Equinox Conferencing can allow an authenticated user to perform XSS attacks. The affected versions of Equinox Conferencing includes all 9.x versions before 9.1.10. | |||||
| CVE-2019-7005 | 1 Avaya | 1 Ip Office | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability was discovered in the web interface component of IP Office that may potentially allow a remote, unauthenticated user with network access to gain sensitive information. Affected versions of IP Office include: 9.x, 10.0 through 10.1.0.7 and 11.0 through 11.0.4.2. | |||||
| CVE-2020-7029 | 1 Avaya | 2 Aura Communication Manager, Aura Messaging | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| A Cross-Site Request Forgery (CSRF) vulnerability was discovered in the System Management Interface Web component of Avaya Aura Communication Manager and Avaya Aura Messaging. This vulnerability could allow an unauthenticated remote attacker to perform Web administration actions with the privileged level of the authenticated user. Affected versions of Communication Manager are 7.0.x, 7.1.x prior to 7.1.3.5 and 8.0.x. Affected versions of Messaging are 7.0.x, 7.1 and 7.1 SP1. | |||||
| CVE-2020-7030 | 1 Avaya | 1 Ip Office | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
| A sensitive information disclosure vulnerability was discovered in the web interface component of IP Office that may potentially allow a local user to gain unauthorized access to the component. Affected versions of IP Office include: 9.x, 10.0 through 10.1.0.7 and 11.0 though 11.0.4.3. | |||||
| CVE-2019-7004 | 1 Avaya | 1 Ip Office Application Server | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
| A Cross-Site Scripting (XSS) vulnerability in the WebUI component of IP Office Application Server could allow unauthorized code execution and potentially disclose sensitive information. All product versions 11.x are affected. Product versions prior to 11.0, including unsupported versions, were not evaluated. | |||||
| CVE-2019-7007 | 1 Avaya | 1 Aura Conferencing | 2023-12-10 | 5.0 MEDIUM | 8.6 HIGH |
| A directory traversal vulnerability has been found in the Avaya Equinox Management(iView)versions R9.1.9.0 and earlier. Successful exploitation could potentially allow an unauthenticated attacker to access files that are outside the restricted directory on the remote server. | |||||
| CVE-2016-5285 | 5 Avaya, Debian, Mozilla and 2 more | 32 Aura Application Enablement Services, Aura Application Server 5300, Aura Communication Manager and 29 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| A Null pointer dereference vulnerability exists in Mozilla Network Security Services due to a missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, which could let a remote malicious user cause a Denial of Service. | |||||
| CVE-2019-7003 | 1 Avaya | 1 Control Manager | 2023-12-10 | 6.4 MEDIUM | 10.0 CRITICAL |
| A SQL injection vulnerability in the reporting component of Avaya Control Manager could allow an unauthenticated attacker to execute arbitrary SQL commands and retrieve sensitive data related to other users on the system. Affected versions of Avaya Control Manager include 7.x and 8.0.x versions prior to 8.0.4.0. Unsupported versions not listed here were not evaluated. | |||||
| CVE-2019-7001 | 1 Avaya | 1 Ip Office Contact Center | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
| A SQL injection vulnerability in the WebUI component of IP Office Contact Center could allow an authenticated attacker to retrieve or alter sensitive data related to other users on the system. Affected versions of IP Office Contact Center include all 9.x and 10.x versions prior to 10.1.2.2.2-11201.1908. Unsupported versions not listed here were not evaluated. | |||||