
CVE-2021-25652 – Avaya Aura Appliance Virtualization Platform Utilities Sensitive Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2021-25652
24 Jun 2021 — An information disclosure vulnerability was discovered in the directory and file management of Avaya Aura Appliance Virtualization Platform Utilities (AVPU). This vulnerability may potentially allow any local user to access system functionality and configuration information that should only be available to a privileged user. Affects versions 8.0.0.0 through 8.1.3.1 of AVPU. • https://support.avaya.com/css/P8/documents/101076479 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor • CWE-668: Exposure of Resource to Wrong Sphere

CVE-2021-25651 – Avaya Aura Utility Services Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-25651
24 Jun 2021 — A privilege escalation vulnerability was discovered in Avaya Aura Utility Services that may potentially allow a local user to escalate privileges. Affects all 7.x versions of Avaya Aura Utility Services. • https://support.avaya.com/css/P8/documents/101072728 • CWE-250: Execution with Unnecessary Privileges • CWE-269: Improper Privilege Management

CVE-2021-25650 – Avaya Aura Utility Services Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-25650
24 Jun 2021 — A privilege escalation vulnerability was discovered in Avaya Aura Utility Services that may potentially allow a local user to execute specially crafted scripts as a privileged user. Affects all 7.x versions of Avaya Aura Utility Services. • https://support.avaya.com/css/P8/documents/101072728 • CWE-250: Execution with Unnecessary Privileges • CWE-269: Improper Privilege Management

CVE-2021-25649 – Avaya Utility Services Sensitive Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2021-25649
24 Jun 2021 — An information disclosure vulnerability was discovered in the directory and file management of Avaya Aura Utility Services. This vulnerability may potentially allow any local user to access system functionality and configuration information that should only be available to a privileged user. Affects all 7.x versions of Avaya Aura Utility Services. • https://support.avaya.com/css/P8/documents/101072728 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2020-7035 – XXE in Avaya Aura Orchestration Designer
https://notcve.org/view.php?id=CVE-2020-7035
23 Apr 2021 — An XML External Entities (XXE) vulnerability in the web-based user interface of Avaya Aura Orchestration Designer could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system. The affected versions of Orchestration Designer include all 7.x versions before 7.2.3. • https://downloads.avaya.com/css/P8/documents/101075450 • CWE-611: Improper Restriction of XML External Entity Reference

CVE-2020-7032 – Avaya WebLM Improper Restriction of XML External Entity Reference
https://notcve.org/view.php?id=CVE-2020-7032
13 Nov 2020 — An XML external entity (XXE) vulnerability in Avaya WebLM admin interface allows authenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request. Affected versions of Avaya WebLM include: 7.0 through 7.1.3.6 and 8.0 through 8.1.2. • https://packetstorm.news/files/id/160123 • CWE-611: Improper Restriction of XML External Entity Reference

CVE-2020-7029 – Avaya Product System Management Interface Cross-Site Request Forgery Vulnerability
https://notcve.org/view.php?id=CVE-2020-7029
11 Aug 2020 — A Cross-Site Request Forgery (CSRF) vulnerability was discovered in the System Management Interface Web component of Avaya Aura Communication Manager and Avaya Aura Messaging. This vulnerability could allow an unauthenticated remote attacker to perform Web administration actions with the privileged level of the authenticated user. Affected versions of Communication Manager are 7.0.x, 7.1.x prior to 7.1.3.5 and 8.0.x. Affected versions of Messaging are 7.0.x, 7.1 and 7.1 SP1. • https://support.avaya.com/css/P8/documents/101070201 • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2019-7007 – Avaya Equinox Conferencing Management (iView) Directory Traversal Vulnerability
https://notcve.org/view.php?id=CVE-2019-7007
28 Feb 2020 — A directory traversal vulnerability has been found in the Avaya Equinox Management (iView) versions R9.1.9.0 and earlier. Successful exploitation could potentially allow an unauthenticated attacker to access files that are outside the restricted directory on the remote server. • https://downloads.avaya.com/css/P8/documents/101064450 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2019-7000 – Avaya Aura Conferencing XSS
https://notcve.org/view.php?id=CVE-2019-7000
31 Jul 2019 — A Cross-Site Scripting (XSS) vulnerability in the Web UI of Avaya Aura Conferencing may allow code execution and potentially disclose sensitive information. Affected versions of Avaya Aura Conferencing include all 8.x versions prior to 8.0 SP14 (8.0.14). Prior versions not listed were not evaluated. • https://downloads.avaya.com/css/P8/documents/101060208 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2018-15617 – Communication Manager Denial of Service
https://notcve.org/view.php?id=CVE-2018-15617
01 Feb 2019 — A vulnerability in the "capro" (Call Processor) process component of Avaya Aura Communication Manager could allow a remote, unauthenticated user to cause denial of service. Affected versions include 6.3.x, all 7.x versions prior to 7.1.3.2, and all 8.x versions prior to 8.0.1. • http://www.securityfocus.com/bid/106826 • CWE-399: Resource Management Errors