Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2021-06-24	CVE-2021-25652	Exposure of Resource to Wrong Sphere vulnerability in Avaya Aura Appliance Virtualization Platform 8.0.0.0/8.1.3.1 An information disclosure vulnerability was discovered in the directory and file management of Avaya Aura Appliance Virtualization Platform Utilities (AVPU). local low complexity avaya CWE-668	5.5
2021-06-24	CVE-2021-25655	Open Redirect vulnerability in Avaya Aura Experience Portal 7.1/8.0.0 A vulnerability in the system Service Menu component of Avaya Aura Experience Portal may allow URL Redirection to any untrusted site through a crafted attack. network low complexity avaya CWE-601	6.1
2021-06-24	CVE-2021-25656	Cross-site Scripting vulnerability in Avaya Aura Experience Portal 7.1/8.0.0 Stored XSS injection vulnerabilities were discovered in the Avaya Aura Experience Portal Web management which could allow an authenticated user to potentially disclose sensitive information. network low complexity avaya CWE-79	5.4
2021-04-23	CVE-2020-7036	XXE vulnerability in Avaya Callback Assist 4.7.1.1 An XML External Entities (XXE)vulnerability in Callback Assist could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system. network low complexity avaya CWE-611	6.5
2021-04-23	CVE-2020-7035	XXE vulnerability in Avaya Aura Orchestration Designer An XML External Entities (XXE)vulnerability in the web-based user interface of Avaya Aura Orchestration Designer could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system. network low complexity avaya CWE-611	6.5
2020-11-13	CVE-2020-7032	XXE vulnerability in Avaya Aura System Manager and Weblm An XML external entity (XXE) vulnerability in Avaya WebLM admin interface allows authenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request. network low complexity avaya CWE-611	6.5
2020-11-13	CVE-2020-7033	Cross-site Scripting vulnerability in Avaya Equinox Conferencing 9.0.0/9.1.9 A Cross Site Scripting (XSS) Vulnerability on the Unified Portal Client (web client) used in Avaya Equinox Conferencing can allow an authenticated user to perform XSS attacks. network low complexity avaya CWE-79	5.4
2020-06-04	CVE-2020-7030	Information Exposure vulnerability in Avaya IP Office A sensitive information disclosure vulnerability was discovered in the web interface component of IP Office that may potentially allow a local user to gain unauthorized access to the component. local low complexity avaya CWE-200	5.5
2019-12-12	CVE-2019-7004	Cross-site Scripting vulnerability in Avaya IP Office Application Server 11.0/11.0.4.0 A Cross-Site Scripting (XSS) vulnerability in the WebUI component of IP Office Application Server could allow unauthorized code execution and potentially disclose sensitive information. network low complexity avaya CWE-79	5.4
2019-07-31	CVE-2019-7000	Cross-site Scripting vulnerability in Avaya Aura Conferencing 7.0/7.2/8.0 A Cross-Site Scripting (XSS) vulnerability in the Web UI of Avaya Aura Conferencing may allow code execution and potentially disclose sensitive information. network low complexity avaya CWE-79	6.1