Vulnerabilities > Avaya

DATE CVE VULNERABILITY TITLE RISK
2020-02-28 CVE-2019-7007 Path Traversal vulnerability in Avaya Aura Conferencing 9.0/9.1.9.0
A directory traversal vulnerability has been found in the Avaya Equinox Management(iView)versions R9.1.9.0 and earlier.
network
low complexity
avaya CWE-22
8.6
2019-12-12 CVE-2019-7004 Cross-site Scripting vulnerability in Avaya IP Office Application Server 11.0/11.0.4.0
A Cross-Site Scripting (XSS) vulnerability in the WebUI component of IP Office Application Server could allow unauthorized code execution and potentially disclose sensitive information.
network
low complexity
avaya CWE-79
5.4
2019-11-15 CVE-2016-5285 NULL Pointer Dereference vulnerability in multiple products
A Null pointer dereference vulnerability exists in Mozilla Network Security Services due to a missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, which could let a remote malicious user cause a Denial of Service.
network
low complexity
mozilla debian redhat suse avaya CWE-476
7.5
2019-07-31 CVE-2019-7000 Cross-site Scripting vulnerability in Avaya Aura Conferencing 7.0/7.2/8.0
A Cross-Site Scripting (XSS) vulnerability in the Web UI of Avaya Aura Conferencing may allow code execution and potentially disclose sensitive information.
network
low complexity
avaya CWE-79
6.1
2019-07-11 CVE-2019-7003 SQL Injection vulnerability in Avaya Control Manager
A SQL injection vulnerability in the reporting component of Avaya Control Manager could allow an unauthenticated attacker to execute arbitrary SQL commands and retrieve sensitive data related to other users on the system.
network
low complexity
avaya CWE-89
critical
10.0
2019-04-04 CVE-2019-7001 SQL Injection vulnerability in Avaya IP Office Contact Center
A SQL injection vulnerability in the WebUI component of IP Office Contact Center could allow an authenticated attacker to retrieve or alter sensitive data related to other users on the system.
network
low complexity
avaya CWE-89
8.8
2019-02-27 CVE-2019-7006 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Avaya One-X Communicator 6.2
Avaya one-X Communicator uses weak cryptographic algorithms in the client authentication component that could allow a local attacker to decrypt sensitive information.
local
low complexity
avaya CWE-327
5.5
2019-02-01 CVE-2018-15617 Unspecified vulnerability in Avaya Aura Communication Manager
A vulnerability in the "capro" (Call Processor) process component of Avaya Aura Communication Manager could allow a remote, unauthenticated user to cause denial of service.
network
low complexity
avaya
7.5
2019-01-23 CVE-2018-15614 Cross-site Scripting vulnerability in Avaya IP Office 10.0/10.1/11.0
A vulnerability in the one-x Portal component of IP Office could allow an authenticated user to perform stored cross site scripting attacks via fields in the Conference Scheduler Service that could affect other application users.
network
low complexity
avaya CWE-79
5.4
2018-10-17 CVE-2018-15616 Deserialization of Untrusted Data vulnerability in Avaya Aura System Platform
A vulnerability in the Web UI component of Avaya Aura System Platform could allow a remote, unauthenticated user to perform a targeted deserialization attack that could result in remote code execution.
network
low complexity
avaya CWE-502
critical
9.8