Vulnerabilities > Avaya

DATE CVE VULNERABILITY TITLE RISK
2020-11-13 CVE-2020-7032 XXE vulnerability in Avaya Aura System Manager and Weblm
An XML external entity (XXE) vulnerability in Avaya WebLM admin interface allows authenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request.
network
low complexity
avaya CWE-611
5.5
2020-11-13 CVE-2020-7033 Cross-Site Scripting vulnerability in Avaya Equinox Conferencing 9.0.0/9.1.9
A Cross Site Scripting (XSS) Vulnerability on the Unified Portal Client (web client) used in Avaya Equinox Conferencing can allow an authenticated user to perform XSS attacks.
network
avaya CWE-79
3.5
2020-08-11 CVE-2020-7029 Cross-Site Request Forgery (CSRF) vulnerability in Avaya Aura Communication Manager and Aura Messaging
A Cross-Site Request Forgery (CSRF) vulnerability was discovered in the System Management Interface Web component of Avaya Aura Communication Manager and Avaya Aura Messaging.
network
avaya CWE-352
6.8
2020-08-07 CVE-2019-7005 Information Exposure vulnerability in Avaya IP Office
A vulnerability was discovered in the web interface component of IP Office that may potentially allow a remote, unauthenticated user with network access to gain sensitive information.
network
low complexity
avaya CWE-200
5.0
2020-06-04 CVE-2020-7030 Information Exposure vulnerability in Avaya IP Office
A sensitive information disclosure vulnerability was discovered in the web interface component of IP Office that may potentially allow a local user to gain unauthorized access to the component.
local
low complexity
avaya CWE-200
2.1
2020-02-28 CVE-2019-7007 Path Traversal vulnerability in Avaya Aura Conferencing 9.0/9.1.9.0
A directory traversal vulnerability has been found in the Avaya Equinox Management(iView)versions R9.1.9.0 and earlier.
network
low complexity
avaya CWE-22
5.0
2019-12-12 CVE-2019-7004 Cross-Site Scripting vulnerability in Avaya IP Office Application Server 11.0/11.0.4.0
A Cross-Site Scripting (XSS) vulnerability in the WebUI component of IP Office Application Server could allow unauthorized code execution and potentially disclose sensitive information.
network
avaya CWE-79
4.3
2019-11-15 CVE-2016-5285 Null Pointer Dereference vulnerability in multiple products
A Null pointer dereference vulnerability exists in Mozilla Network Security Services due to a missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, which could let a remote malicious user cause a Denial of Service.
network
low complexity
mozilla debian redhat suse avaya CWE-476
5.0
2019-07-31 CVE-2019-7000 Cross-Site Scripting vulnerability in Avaya Aura Conferencing 7.0/7.2/8.0
A Cross-Site Scripting (XSS) vulnerability in the Web UI of Avaya Aura Conferencing may allow code execution and potentially disclose sensitive information.
network
avaya CWE-79
5.8
2019-07-11 CVE-2019-7003 SQL Injection vulnerability in Avaya Control Manager
A SQL injection vulnerability in the reporting component of Avaya Control Manager could allow an unauthenticated attacker to execute arbitrary SQL commands and retrieve sensitive data related to other users on the system.
network
low complexity
avaya CWE-89
6.4