Vulnerabilities > Avaya
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-07-31 | CVE-2019-7000 | Cross-site Scripting vulnerability in Avaya Aura Conferencing 7.0/7.2/8.0 A Cross-Site Scripting (XSS) vulnerability in the Web UI of Avaya Aura Conferencing may allow code execution and potentially disclose sensitive information. | 6.1 |
| 2019-07-11 | CVE-2019-7003 | SQL Injection vulnerability in Avaya Control Manager A SQL injection vulnerability in the reporting component of Avaya Control Manager could allow an unauthenticated attacker to execute arbitrary SQL commands and retrieve sensitive data related to other users on the system. | 10.0 |
| 2019-04-04 | CVE-2019-7001 | SQL Injection vulnerability in Avaya IP Office Contact Center A SQL injection vulnerability in the WebUI component of IP Office Contact Center could allow an authenticated attacker to retrieve or alter sensitive data related to other users on the system. | 6.5 |
| 2019-02-27 | CVE-2019-7006 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Avaya One-X Communicator 6.2 Avaya one-X Communicator uses weak cryptographic algorithms in the client authentication component that could allow a local attacker to decrypt sensitive information. | 2.1 |
| 2019-02-01 | CVE-2018-15617 | Unspecified vulnerability in Avaya Aura Communication Manager A vulnerability in the "capro" (Call Processor) process component of Avaya Aura Communication Manager could allow a remote, unauthenticated user to cause denial of service. | 5.0 |
| 2019-01-23 | CVE-2018-15614 | Cross-site Scripting vulnerability in Avaya IP Office 10.0/10.1/11.0 A vulnerability in the one-x Portal component of IP Office could allow an authenticated user to perform stored cross site scripting attacks via fields in the Conference Scheduler Service that could affect other application users. | 3.5 |
| 2018-10-17 | CVE-2018-15616 | Deserialization of Untrusted Data vulnerability in Avaya Aura System Platform A vulnerability in the Web UI component of Avaya Aura System Platform could allow a remote, unauthenticated user to perform a targeted deserialization attack that could result in remote code execution. | 7.5 |
| 2018-09-27 | CVE-2018-15611 | Unspecified vulnerability in Avaya Aura Communication Manager A vulnerability in the local system administration component of Avaya Aura Communication Manager can allow an authenticated, privileged user on the local system to gain root privileges. | 7.2 |
| 2018-09-24 | CVE-2018-15615 | Information Exposure vulnerability in Avaya Call Management System Supervisor 17.0.0/18.0.1.0/18.0.2.0 A vulnerability in the Supervisor component of Avaya Call Management System allows local administrative user to extract sensitive information from users connecting to a remote CMS host. | 2.1 |
| 2018-09-21 | CVE-2018-15613 | Cross-site Scripting vulnerability in Avaya Aura Orchestration Designer A cross-site scripting (XSS) vulnerability in the Runtime Config component of Avaya Aura Orchestration Designer could result in malicious content being returned to the user. | 4.3 |