Filtered by vendor Avaya
Subscriptions
Total
133 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-7031 | 1 Avaya | 1 Aura Experience Portal | 2024-11-21 | 5.7 Medium |
Insecure Direct Object Reference vulnerabilities were discovered in the Avaya Aura Experience Portal Manager which may allow partial information disclosure to an authenticated non-privileged user. Affected versions include 8.0.x and 8.1.x, prior to 8.1.2 patch 0402. Versions prior to 8.0 are end of manufacturer support. | ||||
CVE-2023-3722 | 1 Avaya | 1 Aura Device Services | 2024-11-21 | 8.6 High |
An OS command injection vulnerability was found in the Avaya Aura Device Services Web application which could allow remote code execution as the Web server user via a malicious uploaded file. This issue affects Avaya Aura Device Services version 8.1.4.0 and earlier. | ||||
CVE-2023-3527 | 1 Avaya | 1 Call Management System | 2024-11-21 | 6.8 Medium |
A CSV injection vulnerability was found in the Avaya Call Management System (CMS) Supervisor web application which allows a user with administrative privileges to input crafted data which, when exported to a CSV file, may attempt arbitrary command execution on the system used to open the file by a spreadsheet software such as Microsoft Excel. | ||||
CVE-2023-32218 | 1 Avaya | 1 Ix Workforce Engagement | 2024-11-21 | 6.1 Medium |
Avaya IX Workforce Engagement v15.2.7.1195 - CWE-601: URL Redirection to Untrusted Site ('Open Redirect') | ||||
CVE-2023-31187 | 1 Avaya | 1 Ix Workforce Engagement | 2024-11-21 | 6.5 Medium |
Avaya IX Workforce Engagement v15.2.7.1195 - CWE-522: Insufficiently Protected Credentials | ||||
CVE-2023-31186 | 1 Avaya | 1 Ix Workforce Engagement | 2024-11-21 | 5.3 Medium |
Avaya IX Workforce Engagement v15.2.7.1195 - User Enumeration - Observable Response Discrepancy | ||||
CVE-2022-38168 | 1 Avaya | 4 Scopia Pathfinder 10 Pts, Scopia Pathfinder 10 Pts Firmware, Scopia Pathfinder 20 Pts and 1 more | 2024-11-21 | 9.1 Critical |
Broken Access Control in User Authentication in Avaya Scopia Pathfinder 10 and 20 PTS version 8.3.7.0.4 allows remote unauthenticated attackers to bypass the login page, access sensitive information, and reset user passwords via URL modification. | ||||
CVE-2022-2975 | 1 Avaya | 1 Aura Application Enablement Services | 2024-11-21 | 7.7 High |
A vulnerability related to weak permissions was detected in Avaya Aura Application Enablement Services web application, allowing an administrative user to modify accounts leading to execution of arbitrary code as the root user. This issue affects Application Enablement Services versions 8.0.0.0 through 8.1.3.4 and 10.1.0.0 through 10.1.0.1. Versions prior to 8.0.0.0 are end of manufacturing support and were not evaluated. | ||||
CVE-2022-2249 | 1 Avaya | 1 Aura Communication Manager | 2024-11-21 | 7.7 High |
Privilege escalation related vulnerabilities were discovered in Avaya Aura Communication Manager that may allow local administrative users to escalate their privileges. This issue affects Communication Manager versions 8.0.0.0 through 8.1.3.3 and 10.1.0.0. | ||||
CVE-2021-25657 | 1 Avaya | 1 Ip Office | 2024-11-21 | 7.8 High |
A privilege escalation vulnerability was discovered in Avaya IP Office Admin Lite and USB Creator that may potentially allow a local user to escalate privileges. This issue affects Admin Lite and USB Creator 11.1 Feature Pack 2 Service Pack 1 and earlier versions. | ||||
CVE-2021-25656 | 1 Avaya | 1 Aura Experience Portal | 2024-11-21 | 5.3 Medium |
Stored XSS injection vulnerabilities were discovered in the Avaya Aura Experience Portal Web management which could allow an authenticated user to potentially disclose sensitive information. Affected versions include 7.0 through 7.2.3 (without hotfix) and 8.0.0 (without hotfix). | ||||
CVE-2021-25655 | 1 Avaya | 1 Aura Experience Portal | 2024-11-21 | 4.4 Medium |
A vulnerability in the system Service Menu component of Avaya Aura Experience Portal may allow URL Redirection to any untrusted site through a crafted attack. Affected versions include 7.0 through 7.2.3 (without hotfix) and 8.0.0 (without hotfix). | ||||
CVE-2021-25654 | 1 Avaya | 1 Aura Device Services | 2024-11-21 | 6.2 Medium |
An arbitrary code execution vulnerability was discovered in Avaya Aura Device Services that may potentially allow a local user to execute specially crafted scripts. Affects 7.0 through 8.1.4.0 versions of Avaya Aura Device Services. | ||||
CVE-2021-25653 | 1 Avaya | 1 Aura Appliance Virtualization Platform | 2024-11-21 | 8 High |
A privilege escalation vulnerability was discovered in Avaya Aura Appliance Virtualization Platform Utilities (AVPU) that may potentially allow a local user to escalate privileges. Affects 8.0.0.0 through 8.1.3.1 versions of AVPU. | ||||
CVE-2021-25652 | 1 Avaya | 1 Aura Appliance Virtualization Platform | 2024-11-21 | 4.9 Medium |
An information disclosure vulnerability was discovered in the directory and file management of Avaya Aura Appliance Virtualization Platform Utilities (AVPU). This vulnerability may potentially allow any local user to access system functionality and configuration information that should only be available to a privileged user. Affects versions 8.0.0.0 through 8.1.3.1 of AVPU. | ||||
CVE-2021-25651 | 1 Avaya | 1 Aura Utility Services | 2024-11-21 | 8 High |
A privilege escalation vulnerability was discovered in Avaya Aura Utility Services that may potentially allow a local user to escalate privileges. Affects all 7.x versions of Avaya Aura Utility Services | ||||
CVE-2021-25650 | 1 Avaya | 1 Aura Utility Services | 2024-11-21 | 7.7 High |
A privilege escalation vulnerability was discovered in Avaya Aura Utility Services that may potentially allow a local user to execute specially crafted scripts as a privileged user. Affects all 7.x versions of Avaya Aura Utility Services | ||||
CVE-2021-25649 | 1 Avaya | 1 Aura Utility Services | 2024-11-21 | 4.9 Medium |
An information disclosure vulnerability was discovered in the directory and file management of Avaya Aura Utility Services. This vulnerability may potentially allow any local user to access system functionality and configuration information that should only be available to a privileged user. Affects all 7.x versions of Avaya Aura Utility Services | ||||
CVE-2020-7038 | 1 Avaya | 1 Equinox Conferencing | 2024-11-21 | 7.5 High |
A vulnerability was discovered in Management component of Avaya Equinox Conferencing that could potentially allow an unauthenticated, remote attacker to gain access to screen sharing and whiteboard sessions. The affected versions of Management component of Avaya Equinox Conferencing include all 3.x versions before 3.17. Avaya Equinox Conferencing is now offered as Avaya Meetings Server. | ||||
CVE-2020-7037 | 1 Avaya | 1 Equinox Conferencing | 2024-11-21 | 8.1 High |
An XML External Entities (XXE) vulnerability in Media Server component of Avaya Equinox Conferencing could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system or even potentially lead to a denial of service. The affected versions of Avaya Equinox Conferencing includes all 9.x versions before 9.1.11. Equinox Conferencing is now offered as Avaya Meetings Server. |