Page 2 of 33 results (0.004 seconds)

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

24 Jun 2021 — An information disclosure vulnerability was discovered in the directory and file management of Avaya Aura Appliance Virtualization Platform Utilities (AVPU). This vulnerability may potentially allow any local user to access system functionality and configuration information that should only be available to a privileged user. Affects versions 8.0.0.0 through 8.1.3.1 of AVPU. Se ha detectado una vulnerabilidad de divulgación de información en la administración de directorios y archivos de Avaya Aura Appliance... • https://support.avaya.com/css/P8/documents/101076479 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-668: Exposure of Resource to Wrong Sphere •

CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 0

24 Jun 2021 — A privilege escalation vulnerability was discovered in Avaya Aura Utility Services that may potentially allow a local user to escalate privileges. Affects all 7.x versions of Avaya Aura Utility Services Se ha detectado una vulnerabilidad de escalada de privilegios en Avaya Aura Utility Services que podría permitir a un usuario local escalar privilegios. Afecta a todas las versiones 7.x de Avaya Aura Utility Services • https://support.avaya.com/css/P8/documents/101072728 • CWE-250: Execution with Unnecessary Privileges CWE-269: Improper Privilege Management •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

24 Jun 2021 — A privilege escalation vulnerability was discovered in Avaya Aura Utility Services that may potentially allow a local user to execute specially crafted scripts as a privileged user. Affects all 7.x versions of Avaya Aura Utility Services Se ha detectado una vulnerabilidad de escalada de privilegios en Avaya Aura Utility Services que podría permitir potencialmente a un usuario local ejecutar scripts especialmente diseñados como usuario privilegiado. Afecta a todas las versiones 7.x de Avaya Aura Utility Serv... • https://support.avaya.com/css/P8/documents/101072728 • CWE-250: Execution with Unnecessary Privileges CWE-269: Improper Privilege Management •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

24 Jun 2021 — An information disclosure vulnerability was discovered in the directory and file management of Avaya Aura Utility Services. This vulnerability may potentially allow any local user to access system functionality and configuration information that should only be available to a privileged user. Affects all 7.x versions of Avaya Aura Utility Services Se ha detectado una vulnerabilidad de divulgación de información en la administración de directorios y archivos de Avaya Aura Utility Services. Esta vulnerabilidad... • https://support.avaya.com/css/P8/documents/101072728 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0

23 Apr 2021 — An XML External Entities (XXE)vulnerability in the web-based user interface of Avaya Aura Orchestration Designer could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system. The affected versions of Orchestration Designer includes all 7.x versions before 7.2.3. Una vulnerabilidad de XML External Entities (XXE) en la interfaz de usuario basada en web de Avaya Aura Orchestration Designer, podría permitir a un atacante remoto autenticado conseguir acces... • https://downloads.avaya.com/css/P8/documents/101075450 • CWE-611: Improper Restriction of XML External Entity Reference •

CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 4

13 Nov 2020 — An XML external entity (XXE) vulnerability in Avaya WebLM admin interface allows authenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request. Affected versions of Avaya WebLM include: 7.0 through 7.1.3.6 and 8.0 through 8.1.2. Una vulnerabilidad de tipo XML external entity (XXE) en la interfaz de administración de Avaya WebLM, permite a usuarios autenticados leer archivos arbitrarios o realizar ataques de tipo server-side request forg... • https://packetstorm.news/files/id/160123 • CWE-611: Improper Restriction of XML External Entity Reference •

CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0

11 Aug 2020 — A Cross-Site Request Forgery (CSRF) vulnerability was discovered in the System Management Interface Web component of Avaya Aura Communication Manager and Avaya Aura Messaging. This vulnerability could allow an unauthenticated remote attacker to perform Web administration actions with the privileged level of the authenticated user. Affected versions of Communication Manager are 7.0.x, 7.1.x prior to 7.1.3.5 and 8.0.x. Affected versions of Messaging are 7.0.x, 7.1 and 7.1 SP1. Se descubrió una vulnerabilidad ... • https://support.avaya.com/css/P8/documents/101070201 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 8.6EPSS: 1%CPEs: 1EXPL: 0

28 Feb 2020 — A directory traversal vulnerability has been found in the Avaya Equinox Management(iView)versions R9.1.9.0 and earlier. Successful exploitation could potentially allow an unauthenticated attacker to access files that are outside the restricted directory on the remote server. Se ha encontrado una vulnerabilidad de salto de directorio en Avaya Equinox Management(iView) versiones R9.1.9.0 y anteriores. Una explotación con éxito podría potencialmente permitir a un atacante no autenticado acceder a archivos que ... • https://downloads.avaya.com/css/P8/documents/101064450 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 6.1EPSS: 0%CPEs: 11EXPL: 0

31 Jul 2019 — A Cross-Site Scripting (XSS) vulnerability in the Web UI of Avaya Aura Conferencing may allow code execution and potentially disclose sensitive information. Affected versions of Avaya Aura Conferencing include all 8.x versions prior to 8.0 SP14 (8.0.14). Prior versions not listed were not evaluated. Una vulnerabilidad Cross-Site Scripting (XSS) en la Web UI de Avaya Aura Conferencing podría permitir un código de ejecución y potencialmente revelar información confidencial. Versiones afectadas de Avaya Aura c... • https://downloads.avaya.com/css/P8/documents/101060208 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0

01 Feb 2019 — A vulnerability in the "capro" (Call Processor) process component of Avaya Aura Communication Manager could allow a remote, unauthenticated user to cause denial of service. Affected versions include 6.3.x, all 7.x versions prior to 7.1.3.2, and all 8.x versions prior to 8.0.1. Una vulnerabilidad en el componente del proceso "capro" (Call Processor, procesador de llamadas) de Avaya Aura Communication Manager podría permitir a un usuario remoto no autenticado provocar una denegación de servicio (DoS). Las ver... • http://www.securityfocus.com/bid/106826 • CWE-399: Resource Management Errors •