Vulnerabilities > Avaya
| Date | CVE | Title | Description | Score |
|---|---|---|---|---|
| 2020-11-13 | CVE-2020-7032 | XXE vulnerability in Avaya Aura System Manager and WebLM | An XML external entity (XXE) vulnerability in Avaya WebLM admin interface allows authenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request. | 5.5 |
| 2020-11-13 | CVE-2020-7033 | Cross-Site Scripting vulnerability in Avaya Equinox Conferencing 9.0.0/9.1.9 | A Cross-Site Scripting (XSS) vulnerability in the Unified Portal Client (web client) used in Avaya Equinox Conferencing can allow an authenticated user to perform XSS attacks. | 3.5 |
| 2020-08-11 | CVE-2020-7029 | Cross-Site Request Forgery (CSRF) vulnerability in Avaya Aura Communication Manager and Aura Messaging | A Cross-Site Request Forgery (CSRF) vulnerability was discovered in the System Management Interface Web component of Avaya Aura Communication Manager and Avaya Aura Messaging. | 6.8 |
| 2020-08-07 | CVE-2019-7005 | Information Exposure vulnerability in Avaya IP Office | A vulnerability was discovered in the web interface component of IP Office that may potentially allow a remote, unauthenticated user with network access to gain sensitive information. | 5.0 |
| 2020-06-04 | CVE-2020-7030 | Information Exposure vulnerability in Avaya IP Office | A sensitive information disclosure vulnerability was discovered in the web interface component of IP Office that may potentially allow a local user to gain unauthorized access to the component. | 2.1 |
| 2020-02-28 | CVE-2019-7007 | Path Traversal vulnerability in Avaya Aura Conferencing 9.0/126.96.36.199 | A directory traversal vulnerability has been found in the Avaya Equinox Management (iView) versions R188.8.131.52 and earlier. | 5.0 |
| 2019-12-12 | CVE-2019-7004 | Cross-Site Scripting vulnerability in Avaya IP Office Application Server 11.0/184.108.40.206 | A Cross-Site Scripting (XSS) vulnerability in the WebUI component of IP Office Application Server could allow unauthorized code execution and potentially disclose sensitive information. | 4.3 |
| 2019-11-15 | CVE-2016-5285 | Null Pointer Dereference vulnerability in multiple products | A Null pointer dereference vulnerability exists in Mozilla Network Security Services due to a missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, which could let a remote malicious user cause a Denial of Service. | 5.0 |
| 2019-07-31 | CVE-2019-7000 | Cross-Site Scripting vulnerability in Avaya Aura Conferencing 7.0/7.2/8.0 | A Cross-Site Scripting (XSS) vulnerability in the Web UI of Avaya Aura Conferencing may allow code execution and potentially disclose sensitive information. | 5.8 |
| 2019-07-11 | CVE-2019-7003 | SQL Injection vulnerability in Avaya Control Manager | A SQL injection vulnerability in the reporting component of Avaya Control Manager could allow an unauthenticated attacker to execute arbitrary SQL commands and retrieve sensitive data related to other users on the system. | 6.4 |