A Cross-Site Request Forgery (CSRF) vulnerability was discovered in the System Management Interface Web component of Avaya Aura Communication Manager and Avaya Aura Messaging. This vulnerability could allow an unauthenticated remote attacker to perform Web administration actions with the privileged level of the authenticated user. Affected versions of Communication Manager are 7.0.x, 7.1.x prior to 7.1.3.5 and 8.0.x. Affected versions of Messaging are 7.0.x, 7.1 and 7.1 SP1.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: avaya

Published: 2020-08-11T23:05:18.034092Z

Updated: 2024-09-16T22:03:15.362Z

Reserved: 2020-01-14T00:00:00

Link: CVE-2020-7029

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2020-08-11T23:15:11.590

Modified: 2024-11-21T05:36:30.787

Link: CVE-2020-7029

cve-icon Redhat

No data.