Vulnerabilities > CVE-2020-7032 - XXE vulnerability in Avaya Aura System Manager and Weblm

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

avaya

CWE-611

NVD

Published: 2020-11-13

Updated: 2022-10-19

Summary

An XML external entity (XXE) vulnerability in Avaya WebLM admin interface allows authenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request. Affected versions of Avaya WebLM include: 7.0 through 7.1.3.6 and 8.0 through 8.1.2.

Vulnerable Configurations

Part	Description	Count
Application	Avaya Avaya Aura System Manager 8.0 Avaya Aura System Manager 8.0.1 Avaya Aura System Manager 8.0.1.1 Avaya Aura System Manager 8.0.1.2 Avaya Aura System Manager 8.1 Avaya Aura System Manager 8.1.1 Avaya Aura System Manager 8.1.2 Avaya Aura System Manager 7.0 Avaya Aura System Manager 7.0.1.3 Avaya Aura System Manager 7.1 Avaya Aura System Manager 7.1.1 Avaya Aura System Manager 7.1.1.1 Avaya Aura System Manager 7.1.2 Avaya Aura System Manager 7.1.3 Avaya Aura System Manager 7.1.3.1 Avaya Aura System Manager 7.1.3.2 Avaya Aura System Manager 7.1.3.3 Avaya Aura System Manager 7.1.3.4 Avaya Aura System Manager 7.1.3.5 Avaya Aura System Manager 7.1.3.6 Avaya Weblm 8.1.2 Avaya Weblm 7.0 Avaya Weblm 7.1.3.6	23

Common Weakness Enumeration (CWE)

CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References