Vulnerabilities > Avaya

DATE CVE VULNERABILITY TITLE RISK
2021-06-25 CVE-2021-25654 Code Injection vulnerability in Avaya Aura Device Services
An arbitrary code execution vulnerability was discovered in Avaya Aura Device Services that may potentially allow a local user to execute specially crafted scripts.
local
low complexity
avaya CWE-94
4.6
2021-06-24 CVE-2021-25649 Unspecified vulnerability in Avaya Aura Utility Services 7.0/7.0.1.2/7.1.3
** UNSUPPORTED WHEN ASSIGNED ** An information disclosure vulnerability was discovered in the directory and file management of Avaya Aura Utility Services.
local
low complexity
avaya
2.1
2021-06-24 CVE-2021-25650 Improper Privilege Management vulnerability in Avaya Aura Utility Services 7.0/7.0.1.2/7.1.3
** UNSUPPORTED WHEN ASSIGNED ** A privilege escalation vulnerability was discovered in Avaya Aura Utility Services that may potentially allow a local user to execute specially crafted scripts as a privileged user.
local
low complexity
avaya CWE-269
4.6
2021-06-24 CVE-2021-25651 Improper Privilege Management vulnerability in Avaya Aura Utility Services 7.0/7.0.1.2/7.1.3
** UNSUPPORTED WHEN ASSIGNED ** A privilege escalation vulnerability was discovered in Avaya Aura Utility Services that may potentially allow a local user to escalate privileges.
local
low complexity
avaya CWE-269
4.6
2021-06-24 CVE-2021-25652 Incorrect Authorization vulnerability in Avaya Aura Appliance Virtualization Platform 8.0.0.0/8.1.3.1
An information disclosure vulnerability was discovered in the directory and file management of Avaya Aura Appliance Virtualization Platform Utilities (AVPU).
local
low complexity
avaya CWE-863
2.1
2021-06-24 CVE-2021-25653 Improper Privilege Management vulnerability in Avaya Aura Appliance Virtualization Platform 8.0.0.0/8.1.3.1
A privilege escalation vulnerability was discovered in Avaya Aura Appliance Virtualization Platform Utilities (AVPU) that may potentially allow a local user to escalate privileges.
local
low complexity
avaya CWE-269
4.6
2021-06-24 CVE-2021-25655 Open Redirect vulnerability in Avaya Aura Experience Portal 7.1/8.0.0
A vulnerability in the system Service Menu component of Avaya Aura Experience Portal may allow URL Redirection to any untrusted site through a crafted attack.
network
avaya CWE-601
5.8
2021-06-24 CVE-2021-25656 Cross-site Scripting vulnerability in Avaya Aura Experience Portal 7.1/8.0.0
Stored XSS injection vulnerabilities were discovered in the Avaya Aura Experience Portal Web management which could allow an authenticated user to potentially disclose sensitive information.
network
avaya CWE-79
3.5
2021-04-28 CVE-2020-7038 Incorrect Authorization vulnerability in Avaya Equinox Conferencing 9.0.0/9.1.10/9.1.9
A vulnerability was discovered in Management component of Avaya Equinox Conferencing that could potentially allow an unauthenticated, remote attacker to gain access to screen sharing and whiteboard sessions.
network
low complexity
avaya CWE-863
5.0
2021-04-28 CVE-2020-7037 XXE vulnerability in Avaya Equinox Conferencing 9.0.0/9.1.10/9.1.9
An XML External Entities (XXE) vulnerability in Media Server component of Avaya Equinox Conferencing could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system or even potentially lead to a denial of service.
network
low complexity
avaya CWE-611
5.5