Vulnerabilities > Avaya > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-08-08 CVE-2024-7477 SQL Injection vulnerability in Avaya Aura System Manager
A SQL injection vulnerability was found which could allow a command line interface (CLI) user with administrative privileges to execute arbitrary queries against the Avaya Aura System Manager database. Affected versions include 10.1.x.x and 10.2.x.x.
local
low complexity
avaya CWE-89
6.7
2024-08-08 CVE-2024-7480 Unspecified vulnerability in Avaya Aura System Manager
An improper access control vulnerability was found in Avaya Aura System Manager which could allow a command-line interface (CLI) user with administrative privileges to read arbitrary files on the system. Affected versions include 10.1.x.x and 10.2.x.x.
local
low complexity
avaya
4.4
2024-01-17 CVE-2023-7031 Authorization Bypass Through User-Controlled Key vulnerability in Avaya Aura Experience Portal
Insecure Direct Object Reference vulnerabilities were discovered in the Avaya Aura Experience Portal Manager which may allow partial information disclosure to an authenticated non-privileged user.
network
low complexity
avaya CWE-639
4.3
2023-07-18 CVE-2023-3527 Improper Neutralization of Formula Elements in a CSV File vulnerability in Avaya Call Management System 17.0/18.0.0.1/18.0.0.2
A CSV injection vulnerability was found in the Avaya Call Management System (CMS) Supervisor web application which allows a user with administrative privileges to input crafted data which, when exported to a CSV file, may attempt arbitrary command execution on the system used to open the file in spreadsheet software such as Microsoft Excel.
network
low complexity
avaya CWE-1236
6.8
2023-05-30 CVE-2023-31186 Information Exposure Through Discrepancy vulnerability in Avaya IX Workforce Engagement 15.2.7.1195
Avaya IX Workforce Engagement v15.2.7.1195 - User Enumeration - Observable Response Discrepancy
network
low complexity
avaya CWE-203
5.3
2023-05-30 CVE-2023-31187 Insufficiently Protected Credentials vulnerability in Avaya IX Workforce Engagement 15.2.7.1195
Avaya IX Workforce Engagement v15.2.7.1195 - CWE-522: Insufficiently Protected Credentials
network
low complexity
avaya CWE-522
6.5
2023-05-30 CVE-2023-32218 Open Redirect vulnerability in Avaya IX Workforce Engagement 15.2.7.1195
Avaya IX Workforce Engagement v15.2.7.1195 - CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
network
low complexity
avaya CWE-601
6.1
2022-10-12 CVE-2022-2249 Improper Privilege Management vulnerability in Avaya Aura Communication Manager
Privilege escalation related vulnerabilities were discovered in Avaya Aura Communication Manager that may allow local administrative users to escalate their privileges.
local
low complexity
avaya CWE-269
6.7
2022-10-06 CVE-2022-2975 Incorrect Permission Assignment for Critical Resource vulnerability in Avaya Aura Application Enablement Services
A vulnerability related to weak permissions was detected in Avaya Aura Application Enablement Services web application, allowing an administrative user to modify accounts leading to execution of arbitrary code as the root user.
local
low complexity
avaya CWE-732
6.7
2021-06-24 CVE-2021-25649 Unspecified vulnerability in Avaya Aura Utility Services 7.0/7.0.1.2/7.1.3
An information disclosure vulnerability was discovered in the directory and file management of Avaya Aura Utility Services.
local
low complexity
avaya
5.5