Vulnerabilities > Avaya
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-17 | CVE-2023-7031 | Authorization Bypass Through User-Controlled Key vulnerability in Avaya Aura Experience Portal Insecure Direct Object Reference vulnerabilities were discovered in the Avaya Aura Experience Portal Manager which may allow partial information disclosure to an authenticated non-privileged user. | 4.3 |
| 2023-07-19 | CVE-2023-3722 | Unrestricted Upload of File with Dangerous Type vulnerability in Avaya Aura Device Services An OS command injection vulnerability was found in the Avaya Aura Device Services Web application which could allow remote code execution as the Web server user via a malicious uploaded file. | 9.8 |
| 2023-07-18 | CVE-2023-3527 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Avaya Call Management System 17.0/18.0.0.1/18.0.0.2 A CSV injection vulnerability was found in the Avaya Call Management System (CMS) Supervisor web application which allows a user with administrative privileges to input crafted data which, when exported to a CSV file, may attempt arbitrary command execution on the system used to open the file by a spreadsheet software such as Microsoft Excel. | 6.8 |
| 2023-05-30 | CVE-2023-31186 | Information Exposure Through Discrepancy vulnerability in Avaya IX Workforce Engagement 15.2.7.1195 Avaya IX Workforce Engagement v15.2.7.1195 - User Enumeration - Observable Response Discrepancy | 5.3 |
| 2023-05-30 | CVE-2023-31187 | Insufficiently Protected Credentials vulnerability in Avaya IX Workforce Engagement 15.2.7.1195 Avaya IX Workforce Engagement v15.2.7.1195 - CWE-522: Insufficiently Protected Credentials | 6.5 |
| 2023-05-30 | CVE-2023-32218 | Open Redirect vulnerability in Avaya IX Workforce Engagement 15.2.7.1195 Avaya IX Workforce Engagement v15.2.7.1195 - CWE-601: URL Redirection to Untrusted Site ('Open Redirect') | 6.1 |
| 2022-11-03 | CVE-2022-38168 | Missing Authentication for Critical Function vulnerability in Avaya products Broken Access Control in User Authentication in Avaya Scopia Pathfinder 10 and 20 PTS version 8.3.7.0.4 allows remote unauthenticated attackers to bypass the login page, access sensitive information, and reset user passwords via URL modification. | 9.1 |
| 2022-10-12 | CVE-2022-2249 | Improper Privilege Management vulnerability in Avaya Aura Communication Manager Privilege escalation related vulnerabilities were discovered in Avaya Aura Communication Manager that may allow local administrative users to escalate their privileges. | 6.7 |
| 2022-10-06 | CVE-2022-2975 | Incorrect Permission Assignment for Critical Resource vulnerability in Avaya Aura Application Enablement Services A vulnerability related to weak permissions was detected in Avaya Aura Application Enablement Services web application, allowing an administrative user to modify accounts leading to execution of arbitrary code as the root user. | 6.7 |
| 2021-06-25 | CVE-2021-25654 | Unspecified vulnerability in Avaya Aura Device Services An arbitrary code execution vulnerability was discovered in Avaya Aura Device Services that may potentially allow a local user to execute specially crafted scripts. | 4.6 |