31 results (0.012 seconds)

CVSS: 5.7EPSS: 0%CPEs: 1EXPL: 0

Insecure Direct Object Reference vulnerabilities were discovered in the Avaya Aura Experience Portal Manager which may allow partial information disclosure to an authenticated non-privileged user. Affected versions include 8.0.x and 8.1.x, prior to 8.1.2 patch 0402. Versions prior to 8.0 are end of manufacturer support. Se descubrieron vulnerabilidades de referencia directa de objetos inseguros en Avaya Aura Experience Portal Manager que pueden permitir la divulgación parcial de información a un usuario autenticado sin privilegios. Las versiones afectadas incluyen 8.0.x y 8.1.x, anteriores al parche 0402 8.1.2. • https://support.avaya.com/css/public/documents/101088063 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-639: Authorization Bypass Through User-Controlled Key •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

An OS command injection vulnerability was found in the Avaya Aura Device Services Web application which could allow remote code execution as the Web server user via a malicious uploaded file. This issue affects Avaya Aura Device Services version 8.1.4.0 and earlier. • https://download.avaya.com/css/public/documents/101076366 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 7.7EPSS: 0%CPEs: 2EXPL: 0

Privilege escalation related vulnerabilities were discovered in Avaya Aura Communication Manager that may allow local administrative users to escalate their privileges. This issue affects Communication Manager versions 8.0.0.0 through 8.1.3.3 and 10.1.0.0. Se detectaron vulnerabilidades relacionadas con una escalada de privilegios en Avaya Aura Communication Manager que pueden permitir a usuarios administrativos locales escalar sus privilegios. Este problema afecta a Communication Manager versiones 8.0.0.0 hasta 8.1.3.3 y 10.1.0.0 • https://download.avaya.com/css/public/documents/101083760 • CWE-269: Improper Privilege Management •

CVSS: 7.7EPSS: 0%CPEs: 2EXPL: 0

A vulnerability related to weak permissions was detected in Avaya Aura Application Enablement Services web application, allowing an administrative user to modify accounts leading to execution of arbitrary code as the root user. This issue affects Application Enablement Services versions 8.0.0.0 through 8.1.3.4 and 10.1.0.0 through 10.1.0.1. Versions prior to 8.0.0.0 are end of manufacturing support and were not evaluated. Se detectó una vulnerabilidad relacionada con permisos débiles en la aplicación web de Avaya Aura Application Enablement Services, que permitía que un usuario administrativo modificara las cuentas, conllevando a una ejecución de código arbitrario como usuario root. Este problema afecta a versiones 8.0.0.0 a 8.1.3.4 y 10.1.0.0 a 10.1.0.1 de Application Enablement Services. • https://download.avaya.com/css/public/documents/101083688 • CWE-269: Improper Privilege Management CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

An arbitrary code execution vulnerability was discovered in Avaya Aura Device Services that may potentially allow a local user to execute specially crafted scripts. Affects 7.0 through 8.1.4.0 versions of Avaya Aura Device Services. Se ha detectado una vulnerabilidad de ejecución de código arbitraria en Avaya Aura Device Services, que puede permitir a un usuario local ejecutar scripts especialmente diseñados. Afecta a versiones 7.0 hasta 8.1.4.0 de Avaya Aura Device Services • https://support.avaya.com/css/P8/documents/101076523 • CWE-378: Creation of Temporary File With Insecure Permissions •