Filtered by vendor Avaya
Subscribe
Total
135 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-7003 | 1 Avaya | 1 Control Manager | 2024-11-21 | 6.4 MEDIUM | 10.0 CRITICAL |
| A SQL injection vulnerability in the reporting component of Avaya Control Manager could allow an unauthenticated attacker to execute arbitrary SQL commands and retrieve sensitive data related to other users on the system. Affected versions of Avaya Control Manager include 7.x and 8.0.x versions prior to 8.0.4.0. Unsupported versions not listed here were not evaluated. | |||||
| CVE-2019-7001 | 1 Avaya | 1 Ip Office Contact Center | 2024-11-21 | 6.5 MEDIUM | 9.9 CRITICAL |
| A SQL injection vulnerability in the WebUI component of IP Office Contact Center could allow an authenticated attacker to retrieve or alter sensitive data related to other users on the system. Affected versions of IP Office Contact Center include all 9.x and 10.x versions prior to 10.1.2.2.2-11201.1908. Unsupported versions not listed here were not evaluated. | |||||
| CVE-2019-7000 | 1 Avaya | 1 Aura Conferencing | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| A Cross-Site Scripting (XSS) vulnerability in the Web UI of Avaya Aura Conferencing may allow code execution and potentially disclose sensitive information. Affected versions of Avaya Aura Conferencing include all 8.x versions prior to 8.0 SP14 (8.0.14). Prior versions not listed were not evaluated. | |||||
| CVE-2018-6635 | 1 Avaya | 1 Aura | 2024-11-21 | 6.0 MEDIUM | 7.5 HIGH |
| System Manager in Avaya Aura before 7.1.2 does not properly use SSL in conjunction with authentication, which allows remote attackers to bypass intended Remote Method Invocation (RMI) restrictions, aka SMGR-26896. | |||||
| CVE-2018-15617 | 1 Avaya | 1 Aura Communication Manager | 2024-11-21 | 5.0 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the "capro" (Call Processor) process component of Avaya Aura Communication Manager could allow a remote, unauthenticated user to cause denial of service. Affected versions include 6.3.x, all 7.x versions prior to 7.1.3.2, and all 8.x versions prior to 8.0.1. | |||||
| CVE-2018-15616 | 1 Avaya | 1 Avaya Aura System Platform | 2024-11-21 | 7.5 HIGH | 9.0 CRITICAL |
| A vulnerability in the Web UI component of Avaya Aura System Platform could allow a remote, unauthenticated user to perform a targeted deserialization attack that could result in remote code execution. Affected versions of System Platform includes 6.3.0 through 6.3.9 and 6.4.0 through 6.4.2. | |||||
| CVE-2018-15615 | 1 Avaya | 1 Call Management System Supervisor | 2024-11-21 | 2.1 LOW | 7.2 HIGH |
| A vulnerability in the Supervisor component of Avaya Call Management System allows local administrative user to extract sensitive information from users connecting to a remote CMS host. Affected versions of CMS Supervisor include R17.0.x and R18.0.x. | |||||
| CVE-2018-15614 | 1 Avaya | 1 Ip Office | 2024-11-21 | 3.5 LOW | 6.8 MEDIUM |
| A vulnerability in the one-x Portal component of IP Office could allow an authenticated user to perform stored cross site scripting attacks via fields in the Conference Scheduler Service that could affect other application users. Affected versions of IP Office include 10.0 through 10.1 SP3 and 11.0 versions prior to 11.0 SP1. | |||||
| CVE-2018-15613 | 1 Avaya | 1 Aura Orchestration Designer | 2024-11-21 | 4.3 MEDIUM | 8.3 HIGH |
| A cross-site scripting (XSS) vulnerability in the Runtime Config component of Avaya Aura Orchestration Designer could result in malicious content being returned to the user. Affected versions of Avaya Aura Orchestration Designer include all versions up to 7.2.1. | |||||
| CVE-2018-15612 | 1 Avaya | 1 Orchestration Designer | 2024-11-21 | 6.8 MEDIUM | 8.3 HIGH |
| A CSRF vulnerability in the Runtime Config component of Avaya Aura Orchestration Designer could allow an attacker to add, change, or remove administrative settings. Affected versions of Avaya Aura Orchestration Designer include all versions up to 7.2.1. | |||||
| CVE-2018-15611 | 1 Avaya | 1 Aura Communication Manager | 2024-11-21 | 7.2 HIGH | 6.3 MEDIUM |
| A vulnerability in the local system administration component of Avaya Aura Communication Manager can allow an authenticated, privileged user on the local system to gain root privileges. Affected versions include 6.3.x and all 7.x version prior to 7.1.3.1. | |||||
| CVE-2018-15610 | 1 Avaya | 1 Ip Office | 2024-11-21 | 9.0 HIGH | 7.3 HIGH |
| A vulnerability in the one-X Portal component of Avaya IP Office allows an authenticated attacker to read and delete arbitrary files on the system. Affected versions of Avaya IP Office include 9.1 through 9.1 SP12, 10.0 through 10.0 SP7, and 10.1 through 10.1 SP2. | |||||
| CVE-2016-5285 | 5 Avaya, Debian, Mozilla and 2 more | 32 Aura Application Enablement Services, Aura Application Server 5300, Aura Communication Manager and 29 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A Null pointer dereference vulnerability exists in Mozilla Network Security Services due to a missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, which could let a remote malicious user cause a Denial of Service. | |||||
| CVE-2024-7480 | 1 Avaya | 1 Aura System Manager | 2024-09-11 | N/A | 4.2 MEDIUM |
| An Improper access control vulnerability was found in Avaya Aura System Manager which could allow a command-line interface (CLI) user with administrative privileges to read arbitrary files on the system. Affected versions include 10.1.x.x and 10.2.x.x. Versions prior to 10.1 are end of manufacturer support. | |||||
| CVE-2024-7477 | 1 Avaya | 1 Aura System Manager | 2024-09-11 | N/A | 6.5 MEDIUM |
| A SQL injection vulnerability was found which could allow a command line interface (CLI) user with administrative privileges to execute arbitrary queries against the Avaya Aura System Manager database. Affected versions include 10.1.x.x and 10.2.x.x. Versions prior to 10.1 are end of manufacturer support. | |||||