Vulnerabilities > Avaya
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-12-12 | CVE-2019-7004 | Cross-site Scripting vulnerability in Avaya IP Office Application Server 11.0/11.0.4.0 A Cross-Site Scripting (XSS) vulnerability in the WebUI component of IP Office Application Server could allow unauthorized code execution and potentially disclose sensitive information. | 5.4 |
| 2019-11-15 | CVE-2016-5285 | NULL Pointer Dereference vulnerability in multiple products A Null pointer dereference vulnerability exists in Mozilla Network Security Services due to a missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, which could let a remote malicious user cause a Denial of Service. | 5.0 |
| 2019-07-31 | CVE-2019-7000 | Cross-site Scripting vulnerability in Avaya Aura Conferencing 7.0/7.2/8.0 A Cross-Site Scripting (XSS) vulnerability in the Web UI of Avaya Aura Conferencing may allow code execution and potentially disclose sensitive information. | 6.1 |
| 2019-07-11 | CVE-2019-7003 | SQL Injection vulnerability in Avaya Control Manager A SQL injection vulnerability in the reporting component of Avaya Control Manager could allow an unauthenticated attacker to execute arbitrary SQL commands and retrieve sensitive data related to other users on the system. | 10.0 |
| 2019-04-04 | CVE-2019-7001 | SQL Injection vulnerability in Avaya IP Office Contact Center A SQL injection vulnerability in the WebUI component of IP Office Contact Center could allow an authenticated attacker to retrieve or alter sensitive data related to other users on the system. | 6.5 |
| 2019-02-27 | CVE-2019-7006 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Avaya One-X Communicator 6.2 Avaya one-X Communicator uses weak cryptographic algorithms in the client authentication component that could allow a local attacker to decrypt sensitive information. | 2.1 |
| 2019-02-01 | CVE-2018-15617 | Unspecified vulnerability in Avaya Aura Communication Manager A vulnerability in the "capro" (Call Processor) process component of Avaya Aura Communication Manager could allow a remote, unauthenticated user to cause denial of service. | 5.0 |
| 2019-01-23 | CVE-2018-15614 | Cross-site Scripting vulnerability in Avaya IP Office 10.0/10.1/11.0 A vulnerability in the one-x Portal component of IP Office could allow an authenticated user to perform stored cross site scripting attacks via fields in the Conference Scheduler Service that could affect other application users. | 3.5 |
| 2018-10-17 | CVE-2018-15616 | Deserialization of Untrusted Data vulnerability in Avaya Aura System Platform A vulnerability in the Web UI component of Avaya Aura System Platform could allow a remote, unauthenticated user to perform a targeted deserialization attack that could result in remote code execution. | 7.5 |
| 2018-09-27 | CVE-2018-15611 | Unspecified vulnerability in Avaya Aura Communication Manager A vulnerability in the local system administration component of Avaya Aura Communication Manager can allow an authenticated, privileged user on the local system to gain root privileges. | 7.2 |