Vulnerabilities > Avaya
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-09-24 | CVE-2018-15615 | Information Exposure vulnerability in Avaya Call Management System Supervisor 17.0.0/18.0.1.0/18.0.2.0 A vulnerability in the Supervisor component of Avaya Call Management System allows local administrative user to extract sensitive information from users connecting to a remote CMS host. | 2.1 |
| 2018-09-21 | CVE-2018-15613 | Cross-site Scripting vulnerability in Avaya Aura Orchestration Designer A cross-site scripting (XSS) vulnerability in the Runtime Config component of Avaya Aura Orchestration Designer could result in malicious content being returned to the user. | 4.3 |
| 2018-09-21 | CVE-2018-15612 | Cross-Site Request Forgery (CSRF) vulnerability in Avaya Orchestration Designer 7.1 A CSRF vulnerability in the Runtime Config component of Avaya Aura Orchestration Designer could allow an attacker to add, change, or remove administrative settings. | 6.8 |
| 2018-09-12 | CVE-2018-15610 | Path Traversal vulnerability in Avaya IP Office 10.0/10.1/9.1 A vulnerability in the one-X Portal component of Avaya IP Office allows an authenticated attacker to read and delete arbitrary files on the system. | 9.0 |
| 2018-02-05 | CVE-2018-6635 | Inadequate Encryption Strength vulnerability in Avaya Aura System Manager in Avaya Aura before 7.1.2 does not properly use SSL in conjunction with authentication, which allows remote attackers to bypass intended Remote Method Invocation (RMI) restrictions, aka SMGR-26896. | 6.0 |
| 2017-11-10 | CVE-2017-12969 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Avaya IP Office Contact Center Buffer overflow in the ViewerCtrlLib.ViewerCtrl ActiveX control in Avaya IP Office Contact Center before 10.1.1 allows remote attackers to cause a denial of service (heap corruption and crash) or execute arbitrary code via a long string to the open method. | 8.8 |
| 2017-11-10 | CVE-2017-11309 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Avaya IP Office Buffer overflow in the SoftConsole client in Avaya IP Office before 10.1.1 allows remote servers to execute arbitrary code via a long response. | 9.6 |
| 2017-01-23 | CVE-2016-2783 | Data Processing Errors vulnerability in Avaya VSP Operating System Software 5.0.0.0 Avaya Fabric Connect Virtual Services Platform (VSP) Operating System Software (VOSS) before 4.2.3.0 and 5.x before 5.0.1.0 does not properly handle VLAN and I-SIS indexes, which allows remote attackers to obtain unauthorized access via crafted Ethernet frames. | 10.0 |
| 2012-07-03 | CVE-2011-5096 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Avaya Aura Application Server 5300 1.0/2.0 Stack-based buffer overflow in cstore.exe in the Media Application Server (MAS) in Avaya Aura Application Server 5300 (formerly Nortel Media Application Server) 1.x before 1.0.2 and 2.0 before Patch Bundle 10 allows remote attackers to execute arbitrary code via a crafted cs_anams parameter in a CONTENT_STORE_ADMIN_REQ packet. | 10.0 |
| 2012-07-03 | CVE-2012-3811 | Unspecified vulnerability in Avaya IP Office Customer Call Reporter 7.0/8.0 Unrestricted file upload vulnerability in ImageUpload.ashx in the Wallboard application in Avaya IP Office Customer Call Reporter 7.0 before 7.0.5.8 Q1 2012 Maintenance Release and 8.0 before 8.0.9.13 Q1 2012 Maintenance Release allows remote attackers to execute arbitrary code by uploading an executable file and then accessing it via a direct request. | 10.0 |