CVE-2019-7001 – Avaya IPOCC WebUI SQL Injection
https://notcve.org/view.php?id=CVE-2019-7001
A SQL injection vulnerability in the WebUI component of IP Office Contact Center could allow an authenticated attacker to retrieve or alter sensitive data related to other users on the system. Affected versions of IP Office Contact Center include all 9.x and 10.x versions prior to 10.1.2.2.2-11201.1908. Unsupported versions not listed here were not evaluated. • https://downloads.avaya.com/css/P8/documents/101056762 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2017-12969 – Avaya IP Office (IPO) < 10.1 - ActiveX Buffer Overflow
https://notcve.org/view.php?id=CVE-2017-12969
Buffer overflow in the ViewerCtrlLib.ViewerCtrl ActiveX control in Avaya IP Office Contact Center before 10.1.1 allows remote attackers to cause a denial of service (heap corruption and crash) or execute arbitrary code via a long string to the open method. Avaya IP Office (IPO) versions 9.1.0 through 10.1 suffer from an ActiveX buffer overflow vulnerability. • https://www.exploit-db.com/exploits/43120 http://downloads.avaya.com/css/P8/documents/101044091 http://hyp3rlinx.altervista.org/advisories/AVAYA-OFFICE-IP-%28IPO%29-v9.1.0-10.1-VIEWERCTRL-ACTIVE-X-BUFFER-OVERFLOW-0DAY.txt http://packetstormsecurity.com/files/144882/Avaya-IP-Office-IPO-10.1-Active-X-Buffer-Overflow.html http://seclists.org/fulldisclosure/2017/Nov/17 http://www.securityfocus.com/bid/101667 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer