Vulnerabilities > AL Enterprise

DATE CVE VULNERABILITY TITLE RISK
2019-12-27 CVE-2019-20049 Unspecified vulnerability in Al-Enterprise Omnivista 4760
An issue was discovered on Alcatel-Lucent OmniVista 4760 devices.
network
low complexity
al-enterprise
critical
9.8
2019-12-27 CVE-2019-20048 Unrestricted Upload of File with Dangerous Type vulnerability in Al-Enterprise Omnivista 8770
An issue was discovered on Alcatel-Lucent OmniVista 8770 devices before 4.1.2.
network
low complexity
al-enterprise CWE-434
7.2
2019-12-27 CVE-2019-20047 Insufficiently Protected Credentials vulnerability in Al-Enterprise Omnivista 4760 and Omnivista 8770
An issue was discovered on Alcatel-Lucent OmniVista 4760 devices, and 8770 devices before 4.1.2.
network
low complexity
al-enterprise CWE-522
7.5
2019-08-01 CVE-2019-14260 OS Command Injection vulnerability in Al-Enterprise 8008 Firmware 1.50.13
On the Alcatel-Lucent Enterprise (ALE) 8008 Cloud Edition Deskphone VoIP phone with firmware 1.50.13, a command injection (missing input validation) issue in the password change field for the Change Password interface allows an authenticated remote attacker in the same network to trigger OS commands via shell commands in a POST request.
low complexity
al-enterprise CWE-78
8.0
2007-09-18 CVE-2007-3010 Unspecified vulnerability in Al-Enterprise Omnipcx Enterprise Communication Server
masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server R7.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the user parameter during a ping action.
network
low complexity
al-enterprise
critical
9.8