Vulnerabilities > Avaya

DATE CVE VULNERABILITY TITLE RISK
2022-11-03 CVE-2022-38168 Missing Authentication for Critical Function vulnerability in Avaya products
** UNSUPPPORTED WHEN ASSIGNED **Broken Access Control in User Authentication in Avaya Scopia Pathfinder 10 and 20 PTS version 8.3.7.0.4 allows remote unauthenticated attackers to bypass the login page, access sensitive information, and reset user passwords via URL modification.
network
low complexity
avaya CWE-306
critical
9.1
2022-10-12 CVE-2022-2249 Improper Privilege Management vulnerability in Avaya Aura Communication Manager
Privilege escalation related vulnerabilities were discovered in Avaya Aura Communication Manager that may allow local administrative users to escalate their privileges.
local
low complexity
avaya CWE-269
6.7
2022-10-06 CVE-2022-2975 Incorrect Permission Assignment for Critical Resource vulnerability in Avaya Aura Application Enablement Services
A vulnerability related to weak permissions was detected in Avaya Aura Application Enablement Services web application, allowing an administrative user to modify accounts leading to execution of arbitrary code as the root user.
local
low complexity
avaya CWE-732
6.7
2021-06-25 CVE-2021-25654 Unspecified vulnerability in Avaya Aura Device Services
An arbitrary code execution vulnerability was discovered in Avaya Aura Device Services that may potentially allow a local user to execute specially crafted scripts.
local
low complexity
avaya
4.6
2021-06-24 CVE-2021-25649 Unspecified vulnerability in Avaya Aura Utility Services 7.0/7.0.1.2/7.1.3
** UNSUPPORTED WHEN ASSIGNED ** An information disclosure vulnerability was discovered in the directory and file management of Avaya Aura Utility Services.
local
low complexity
avaya
2.1
2021-06-24 CVE-2021-25650 Improper Privilege Management vulnerability in Avaya Aura Utility Services 7.0/7.0.1.2/7.1.3
** UNSUPPORTED WHEN ASSIGNED ** A privilege escalation vulnerability was discovered in Avaya Aura Utility Services that may potentially allow a local user to execute specially crafted scripts as a privileged user.
local
low complexity
avaya CWE-269
4.6
2021-06-24 CVE-2021-25651 Improper Privilege Management vulnerability in Avaya Aura Utility Services 7.0/7.0.1.2/7.1.3
** UNSUPPORTED WHEN ASSIGNED ** A privilege escalation vulnerability was discovered in Avaya Aura Utility Services that may potentially allow a local user to escalate privileges.
local
low complexity
avaya CWE-269
4.6
2021-06-24 CVE-2021-25652 Exposure of Resource to Wrong Sphere vulnerability in Avaya Aura Appliance Virtualization Platform 8.0.0.0/8.1.3.1
An information disclosure vulnerability was discovered in the directory and file management of Avaya Aura Appliance Virtualization Platform Utilities (AVPU).
local
low complexity
avaya CWE-668
5.5
2021-06-24 CVE-2021-25653 Unspecified vulnerability in Avaya Aura Appliance Virtualization Platform 8.0.0.0/8.1.3.1
A privilege escalation vulnerability was discovered in Avaya Aura Appliance Virtualization Platform Utilities (AVPU) that may potentially allow a local user to escalate privileges.
local
low complexity
avaya
4.6
2021-06-24 CVE-2021-25655 Open Redirect vulnerability in Avaya Aura Experience Portal 7.1/8.0.0
A vulnerability in the system Service Menu component of Avaya Aura Experience Portal may allow URL Redirection to any untrusted site through a crafted attack.
network
avaya CWE-601
5.8