A Cross-Site Request Forgery (CSRF) vulnerability was discovered in the System Management Interface Web component of Avaya Aura Communication Manager and Avaya Aura Messaging. This vulnerability could allow an unauthenticated remote attacker to perform Web administration actions with the privileged level of the authenticated user. Affected versions of Communication Manager are 7.0.x, 7.1.x prior to 7.1.3.5 and 8.0.x. Affected versions of Messaging are 7.0.x, 7.1 and 7.1 SP1.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://support.avaya.com/css/P8/documents/101070201 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: avaya
Published: 2020-08-11T23:05:18.034092Z
Updated: 2024-09-16T22:03:15.362Z
Reserved: 2020-01-14T00:00:00
Link: CVE-2020-7029
Vulnrichment
No data.
NVD
Status : Modified
Published: 2020-08-11T23:15:11.590
Modified: 2024-11-21T05:36:30.787
Link: CVE-2020-7029
Redhat
No data.