Vulnerabilities > Avaya > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-07-19 | CVE-2023-3722 | Unrestricted Upload of File with Dangerous Type vulnerability in Avaya Aura Device Services An OS command injection vulnerability was found in the Avaya Aura Device Services Web application which could allow remote code execution as the Web server user via a malicious uploaded file. | 9.8 |
2022-11-03 | CVE-2022-38168 | Missing Authentication for Critical Function vulnerability in Avaya products Broken Access Control in User Authentication in Avaya Scopia Pathfinder 10 and 20 PTS version 8.3.7.0.4 allows remote unauthenticated attackers to bypass the login page, access sensitive information, and reset user passwords via URL modification. | 9.1 |
2021-04-23 | CVE-2020-7034 | Command Injection vulnerability in Avaya Session Border Controller for Enterprise A command injection vulnerability in Avaya Session Border Controller for Enterprise could allow an authenticated, remote attacker to send specially crafted messages and execute arbitrary commands with the affected system privileges. | 9.0 |
2019-07-11 | CVE-2019-7003 | SQL Injection vulnerability in Avaya Control Manager A SQL injection vulnerability in the reporting component of Avaya Control Manager could allow an unauthenticated attacker to execute arbitrary SQL commands and retrieve sensitive data related to other users on the system. | 10.0 |
2018-09-12 | CVE-2018-15610 | Path Traversal vulnerability in Avaya IP Office 10.0/10.1/9.1 A vulnerability in the one-X Portal component of Avaya IP Office allows an authenticated attacker to read and delete arbitrary files on the system. | 9.0 |
2017-11-10 | CVE-2017-11309 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Avaya IP Office Buffer overflow in the SoftConsole client in Avaya IP Office before 10.1.1 allows remote servers to execute arbitrary code via a long response. | 9.6 |
2017-01-23 | CVE-2016-2783 | Data Processing Errors vulnerability in Avaya VSP Operating System Software 5.0.0.0 Avaya Fabric Connect Virtual Services Platform (VSP) Operating System Software (VOSS) before 4.2.3.0 and 5.x before 5.0.1.0 does not properly handle VLAN and I-SIS indexes, which allows remote attackers to obtain unauthorized access via crafted Ethernet frames. | 10.0 |
2012-07-03 | CVE-2011-5096 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Avaya Aura Application Server 5300 1.0/2.0 Stack-based buffer overflow in cstore.exe in the Media Application Server (MAS) in Avaya Aura Application Server 5300 (formerly Nortel Media Application Server) 1.x before 1.0.2 and 2.0 before Patch Bundle 10 allows remote attackers to execute arbitrary code via a crafted cs_anams parameter in a CONTENT_STORE_ADMIN_REQ packet. | 10.0 |
2012-07-03 | CVE-2012-3811 | Unspecified vulnerability in Avaya IP Office Customer Call Reporter 7.0/8.0 Unrestricted file upload vulnerability in ImageUpload.ashx in the Wallboard application in Avaya IP Office Customer Call Reporter 7.0 before 7.0.5.8 Q1 2012 Maintenance Release and 8.0 before 8.0.9.13 Q1 2012 Maintenance Release allows remote attackers to execute arbitrary code by uploading an executable file and then accessing it via a direct request. | 10.0 |
2009-04-10 | CVE-2008-6708 | Multiple Security vulnerability in Avaya Communication Manager and SIP Enablement Services Unspecified vulnerability in the Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x and 4.x, allows remote authenticated administrators to gain root privileges via unknown vectors related to configuration of "data viewing or restoring parameters." | 9.0 |