Vulnerabilities > Avaya > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-06-24 | CVE-2021-25653 | Unspecified vulnerability in Avaya Aura Appliance Virtualization Platform 8.0.0.0/8.1.3.1 A privilege escalation vulnerability was discovered in Avaya Aura Appliance Virtualization Platform Utilities (AVPU) that may potentially allow a local user to escalate privileges. | 4.6 |
| 2021-06-24 | CVE-2021-25655 | Open Redirect vulnerability in Avaya Aura Experience Portal 7.1/8.0.0 A vulnerability in the system Service Menu component of Avaya Aura Experience Portal may allow URL Redirection to any untrusted site through a crafted attack. | 5.8 |
| 2021-04-28 | CVE-2020-7037 | XXE vulnerability in Avaya Equinox Conferencing 9.0.0/9.1.10/9.1.9 An XML External Entities (XXE) vulnerability in Media Server component of Avaya Equinox Conferencing could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system or even potentially lead to a denial of service. | 5.5 |
| 2021-04-23 | CVE-2020-7036 | XXE vulnerability in Avaya Callback Assist 4.7.1.1 An XML External Entities (XXE)vulnerability in Callback Assist could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system. | 4.0 |
| 2021-04-23 | CVE-2020-7035 | XXE vulnerability in Avaya Aura Orchestration Designer An XML External Entities (XXE)vulnerability in the web-based user interface of Avaya Aura Orchestration Designer could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system. | 4.0 |
| 2020-11-13 | CVE-2020-7032 | XXE vulnerability in Avaya Aura System Manager and Weblm An XML external entity (XXE) vulnerability in Avaya WebLM admin interface allows authenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request. | 6.5 |
| 2020-08-11 | CVE-2020-7029 | Cross-Site Request Forgery (CSRF) vulnerability in Avaya Aura Communication Manager and Aura Messaging A Cross-Site Request Forgery (CSRF) vulnerability was discovered in the System Management Interface Web component of Avaya Aura Communication Manager and Avaya Aura Messaging. | 6.8 |
| 2020-02-28 | CVE-2019-7007 | Path Traversal vulnerability in Avaya Aura Conferencing 9.0/9.1.9.0 A directory traversal vulnerability has been found in the Avaya Equinox Management(iView)versions R9.1.9.0 and earlier. | 5.0 |
| 2019-12-12 | CVE-2019-7004 | Cross-site Scripting vulnerability in Avaya IP Office Application Server 11.0/11.0.4.0 A Cross-Site Scripting (XSS) vulnerability in the WebUI component of IP Office Application Server could allow unauthorized code execution and potentially disclose sensitive information. | 5.4 |
| 2019-11-15 | CVE-2016-5285 | NULL Pointer Dereference vulnerability in multiple products A Null pointer dereference vulnerability exists in Mozilla Network Security Services due to a missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, which could let a remote malicious user cause a Denial of Service. | 5.0 |