CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-31186 – Avaya IX Workforce Engagement - User Enumeration - CWE-204: Observable Response Discrepancy
https://notcve.org/view.php?id=CVE-2023-31186
30 May 2023 — Avaya IX Workforce Engagement v15.2.7.1195 - User Enumeration - Observable Response Discrepancy • https://www.gov.il/en/Departments/faq/cve_advisories • CWE-203: Observable Discrepancy CWE-204: Observable Response Discrepancy •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-31187 – Avaya IX Workforce Engagement - CWE-522: Insufficiently Protected Credentials
https://notcve.org/view.php?id=CVE-2023-31187
30 May 2023 — Avaya IX Workforce Engagement v15.2.7.1195 - CWE-522: Insufficiently Protected Credentials • https://www.gov.il/en/Departments/faq/cve_advisories • CWE-522: Insufficiently Protected Credentials •
CVSS: 9.4EPSS: 0%CPEs: 4EXPL: 1CVE-2022-38168
https://notcve.org/view.php?id=CVE-2022-38168
03 Nov 2022 — Broken Access Control in User Authentication in Avaya Scopia Pathfinder 10 and 20 PTS version 8.3.7.0.4 allows remote unauthenticated attackers to bypass the login page, access sensitive information, and reset user passwords via URL modification. Un Control de Acceso Roto en la Autenticación de Usuario en Avaya Scopia Pathfinder 10 y 20 PTS versión 8.3.7.0.4 permite a atacantes remotos no autenticados omitir la página de inicio de sesión, acceder a información confidencial y restablecer contraseñas de usuar... • https://medium.com/%40rob_nes/avaya-scopia-pathfinder-broken-access-control-ac792e995bae • CWE-306: Missing Authentication for Critical Function •
CVSS: 7.7EPSS: 0%CPEs: 2EXPL: 0CVE-2022-2249 – Avaya Aura Communication Manager Privilege Escalation Vulnerabilities
https://notcve.org/view.php?id=CVE-2022-2249
12 Oct 2022 — Privilege escalation related vulnerabilities were discovered in Avaya Aura Communication Manager that may allow local administrative users to escalate their privileges. This issue affects Communication Manager versions 8.0.0.0 through 8.1.3.3 and 10.1.0.0. Se detectaron vulnerabilidades relacionadas con una escalada de privilegios en Avaya Aura Communication Manager que pueden permitir a usuarios administrativos locales escalar sus privilegios. Este problema afecta a Communication Manager versiones 8.0.0.0 ... • https://download.avaya.com/css/public/documents/101083760 • CWE-269: Improper Privilege Management •
CVSS: 7.7EPSS: 0%CPEs: 2EXPL: 0CVE-2022-2975 – Avaya Aura Application Enablement Services weak permissions in web application
https://notcve.org/view.php?id=CVE-2022-2975
06 Oct 2022 — A vulnerability related to weak permissions was detected in Avaya Aura Application Enablement Services web application, allowing an administrative user to modify accounts leading to execution of arbitrary code as the root user. This issue affects Application Enablement Services versions 8.0.0.0 through 8.1.3.4 and 10.1.0.0 through 10.1.0.1. Versions prior to 8.0.0.0 are end of manufacturing support and were not evaluated. Se detectó una vulnerabilidad relacionada con permisos débiles en la aplicación web de... • https://download.avaya.com/css/public/documents/101083688 • CWE-269: Improper Privilege Management CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 1CVE-2021-25657 – Avaya IP Office Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-25657
02 Sep 2022 — A privilege escalation vulnerability was discovered in Avaya IP Office Admin Lite and USB Creator that may potentially allow a local user to escalate privileges. This issue affects Admin Lite and USB Creator 11.1 Feature Pack 2 Service Pack 1 and earlier versions. Se ha detectado una vulnerabilidad de escalada de privilegios en Avaya IP Office Admin Lite y USB Creator que podría permitir a un usuario local escalar privilegios. Este problema afecta a Admin Lite y USB Creator versión 11.1 Feature Pack 2 Servi... • https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022-0037/MNDT-2022-0037.md • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-25654 – Avaya Aura Device Services Arbitrary Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-25654
25 Jun 2021 — An arbitrary code execution vulnerability was discovered in Avaya Aura Device Services that may potentially allow a local user to execute specially crafted scripts. Affects 7.0 through 8.1.4.0 versions of Avaya Aura Device Services. Se ha detectado una vulnerabilidad de ejecución de código arbitraria en Avaya Aura Device Services, que puede permitir a un usuario local ejecutar scripts especialmente diseñados. Afecta a versiones 7.0 hasta 8.1.4.0 de Avaya Aura Device Services • https://support.avaya.com/css/P8/documents/101076523 • CWE-378: Creation of Temporary File With Insecure Permissions •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2021-25656 – Avaya Aura Experience Portal XSS vulnerabilities
https://notcve.org/view.php?id=CVE-2021-25656
24 Jun 2021 — Stored XSS injection vulnerabilities were discovered in the Avaya Aura Experience Portal Web management which could allow an authenticated user to potentially disclose sensitive information. Affected versions include 7.0 through 7.2.3 (without hotfix) and 8.0.0 (without hotfix). Se han detectado vulnerabilidades de inyección XSS almacenadas en la administración web de Avaya Aura Experience Portal que podrían permitir a un usuario autenticado revelar potencialmente información confidencial. Las versiones afe... • https://downloads.avaya.com/css/P8/documents/101076234 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2021-25655 – URL redirection to untrusted site possible in Avaya Aura Experience Portal
https://notcve.org/view.php?id=CVE-2021-25655
24 Jun 2021 — A vulnerability in the system Service Menu component of Avaya Aura Experience Portal may allow URL Redirection to any untrusted site through a crafted attack. Affected versions include 7.0 through 7.2.3 (without hotfix) and 8.0.0 (without hotfix). Una vulnerabilidad en el componente Service Menu del sistema de Avaya Aura Experience Portal puede permitir el redireccionamiento de la URL a cualquier sitio no confiable mediante un ataque diseñado. Las versiones afectadas incluyen de las versiones 7.0 hasta 7.2.... • https://downloads.avaya.com/css/P8/documents/101076234 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 0CVE-2021-25653 – Avaya Aura Appliance Virtualization Platform Utilities Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-25653
24 Jun 2021 — A privilege escalation vulnerability was discovered in Avaya Aura Appliance Virtualization Platform Utilities (AVPU) that may potentially allow a local user to escalate privileges. Affects 8.0.0.0 through 8.1.3.1 versions of AVPU. Se ha detectado una vulnerabilidad de escalada de privilegios en Avaya Aura Appliance Virtualization Platform Utilities (AVPU) que podría permitir a un usuario local escalar privilegios. Afecta a las versiones 8.0.0.0 hasta 8.1.3.1 de AVPU • https://support.avaya.com/css/P8/documents/101076479 • CWE-250: Execution with Unnecessary Privileges •