Vulnerabilities > Avaya > IP Office
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-25 | CVE-2024-4196 | Unspecified vulnerability in Avaya IP Office An improper input validation vulnerability was discovered in Avaya IP Office that could allow remote command or code execution via a specially crafted web request to the Web Control component. | 9.8 |
| 2024-06-25 | CVE-2024-4197 | Unrestricted Upload of File with Dangerous Type vulnerability in Avaya IP Office An unrestricted file upload vulnerability in Avaya IP Office was discovered that could allow remote command or code execution via the One-X component. | 9.8 |
| 2022-09-02 | CVE-2021-25657 | Unspecified vulnerability in Avaya IP Office A privilege escalation vulnerability was discovered in Avaya IP Office Admin Lite and USB Creator that may potentially allow a local user to escalate privileges. | 7.8 |
| 2020-08-07 | CVE-2019-7005 | Unspecified vulnerability in Avaya IP Office A vulnerability was discovered in the web interface component of IP Office that may potentially allow a remote, unauthenticated user with network access to gain sensitive information. | 7.5 |
| 2020-06-04 | CVE-2020-7030 | Information Exposure vulnerability in Avaya IP Office A sensitive information disclosure vulnerability was discovered in the web interface component of IP Office that may potentially allow a local user to gain unauthorized access to the component. | 5.5 |
| 2019-11-15 | CVE-2016-5285 | NULL Pointer Dereference vulnerability in multiple products A Null pointer dereference vulnerability exists in Mozilla Network Security Services due to a missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, which could let a remote malicious user cause a Denial of Service. | 7.5 |
| 2019-01-23 | CVE-2018-15614 | Cross-site Scripting vulnerability in Avaya IP Office 10.0/10.1/11.0 A vulnerability in the one-x Portal component of IP Office could allow an authenticated user to perform stored cross site scripting attacks via fields in the Conference Scheduler Service that could affect other application users. | 5.4 |
| 2018-09-12 | CVE-2018-15610 | Path Traversal vulnerability in Avaya IP Office 10.0/10.1/9.1 A vulnerability in the one-X Portal component of Avaya IP Office allows an authenticated attacker to read and delete arbitrary files on the system. | 8.8 |
| 2017-11-10 | CVE-2017-11309 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Avaya IP Office Buffer overflow in the SoftConsole client in Avaya IP Office before 10.1.1 allows remote servers to execute arbitrary code via a long response. | 9.6 |