Vulnerabilities > Avaya

DATE CVE VULNERABILITY TITLE RISK
2021-04-28 CVE-2020-7038 Unspecified vulnerability in Avaya Equinox Conferencing 9.0.0/9.1.10/9.1.9
A vulnerability was discovered in Management component of Avaya Equinox Conferencing that could potentially allow an unauthenticated, remote attacker to gain access to screen sharing and whiteboard sessions.
network
low complexity
avaya
7.5
2021-04-28 CVE-2020-7037 XXE vulnerability in Avaya Equinox Conferencing 9.0.0/9.1.10/9.1.9
An XML External Entities (XXE) vulnerability in Media Server component of Avaya Equinox Conferencing could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system or even potentially lead to a denial of service.
network
low complexity
avaya CWE-611
8.1
2021-04-23 CVE-2020-7036 XXE vulnerability in Avaya Callback Assist 4.7.1.1
An XML External Entities (XXE)vulnerability in Callback Assist could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system.
network
low complexity
avaya CWE-611
6.5
2021-04-23 CVE-2020-7035 XXE vulnerability in Avaya Aura Orchestration Designer
An XML External Entities (XXE)vulnerability in the web-based user interface of Avaya Aura Orchestration Designer could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system.
network
low complexity
avaya CWE-611
6.5
2021-04-23 CVE-2020-7034 Command Injection vulnerability in Avaya Session Border Controller for Enterprise
A command injection vulnerability in Avaya Session Border Controller for Enterprise could allow an authenticated, remote attacker to send specially crafted messages and execute arbitrary commands with the affected system privileges.
network
low complexity
avaya CWE-77
8.8
2020-11-13 CVE-2020-7032 XXE vulnerability in Avaya Aura System Manager and Weblm
An XML external entity (XXE) vulnerability in Avaya WebLM admin interface allows authenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request.
network
low complexity
avaya CWE-611
6.5
2020-11-13 CVE-2020-7033 Cross-site Scripting vulnerability in Avaya Equinox Conferencing 9.0.0/9.1.9
A Cross Site Scripting (XSS) Vulnerability on the Unified Portal Client (web client) used in Avaya Equinox Conferencing can allow an authenticated user to perform XSS attacks.
network
low complexity
avaya CWE-79
5.4
2020-08-11 CVE-2020-7029 Cross-Site Request Forgery (CSRF) vulnerability in Avaya Aura Communication Manager and Aura Messaging
A Cross-Site Request Forgery (CSRF) vulnerability was discovered in the System Management Interface Web component of Avaya Aura Communication Manager and Avaya Aura Messaging.
network
low complexity
avaya CWE-352
8.8
2020-08-07 CVE-2019-7005 Unspecified vulnerability in Avaya IP Office
A vulnerability was discovered in the web interface component of IP Office that may potentially allow a remote, unauthenticated user with network access to gain sensitive information.
network
low complexity
avaya
7.5
2020-06-04 CVE-2020-7030 Information Exposure vulnerability in Avaya IP Office
A sensitive information disclosure vulnerability was discovered in the web interface component of IP Office that may potentially allow a local user to gain unauthorized access to the component.
local
low complexity
avaya CWE-200
5.5