CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-25652 – Avaya Aura Appliance Virtualization Platform Utilities Sensitive Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2021-25652
24 Jun 2021 — An information disclosure vulnerability was discovered in the directory and file management of Avaya Aura Appliance Virtualization Platform Utilities (AVPU). This vulnerability may potentially allow any local user to access system functionality and configuration information that should only be available to a privileged user. Affects versions 8.0.0.0 through 8.1.3.1 of AVPU. Se ha detectado una vulnerabilidad de divulgación de información en la administración de directorios y archivos de Avaya Aura Appliance... • https://support.avaya.com/css/P8/documents/101076479 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 0CVE-2021-25651 – Avaya Aura Utility Services Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-25651
24 Jun 2021 — A privilege escalation vulnerability was discovered in Avaya Aura Utility Services that may potentially allow a local user to escalate privileges. Affects all 7.x versions of Avaya Aura Utility Services Se ha detectado una vulnerabilidad de escalada de privilegios en Avaya Aura Utility Services que podría permitir a un usuario local escalar privilegios. Afecta a todas las versiones 7.x de Avaya Aura Utility Services • https://support.avaya.com/css/P8/documents/101072728 • CWE-250: Execution with Unnecessary Privileges CWE-269: Improper Privilege Management •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-25650 – Avaya Aura Utility Services Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-25650
24 Jun 2021 — A privilege escalation vulnerability was discovered in Avaya Aura Utility Services that may potentially allow a local user to execute specially crafted scripts as a privileged user. Affects all 7.x versions of Avaya Aura Utility Services Se ha detectado una vulnerabilidad de escalada de privilegios en Avaya Aura Utility Services que podría permitir potencialmente a un usuario local ejecutar scripts especialmente diseñados como usuario privilegiado. Afecta a todas las versiones 7.x de Avaya Aura Utility Serv... • https://support.avaya.com/css/P8/documents/101072728 • CWE-250: Execution with Unnecessary Privileges CWE-269: Improper Privilege Management •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-25649 – Avaya Utility Services Sensitive Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2021-25649
24 Jun 2021 — An information disclosure vulnerability was discovered in the directory and file management of Avaya Aura Utility Services. This vulnerability may potentially allow any local user to access system functionality and configuration information that should only be available to a privileged user. Affects all 7.x versions of Avaya Aura Utility Services Se ha detectado una vulnerabilidad de divulgación de información en la administración de directorios y archivos de Avaya Aura Utility Services. Esta vulnerabilidad... • https://support.avaya.com/css/P8/documents/101072728 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2020-7038 – Avaya Meetings Server Information Disclosure vulnerability
https://notcve.org/view.php?id=CVE-2020-7038
28 Apr 2021 — A vulnerability was discovered in Management component of Avaya Equinox Conferencing that could potentially allow an unauthenticated, remote attacker to gain access to screen sharing and whiteboard sessions. The affected versions of Management component of Avaya Equinox Conferencing include all 3.x versions before 3.17. Avaya Equinox Conferencing is now offered as Avaya Meetings Server. Se detectó una vulnerabilidad en el componente Management de Avaya Equinox Conferencing que podría permitir a un atacante ... • https://support.avaya.com/css/P8/documents/101075574 • CWE-284: Improper Access Control •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-7037 – Avaya Equinox Conferencing XXE vulnerability
https://notcve.org/view.php?id=CVE-2020-7037
28 Apr 2021 — An XML External Entities (XXE) vulnerability in Media Server component of Avaya Equinox Conferencing could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system or even potentially lead to a denial of service. The affected versions of Avaya Equinox Conferencing includes all 9.x versions before 9.1.11. Equinox Conferencing is now offered as Avaya Meetings Server. Una vulnerabilidad XML External Entities (XXE) en el componente Media Server de Avaya Equ... • https://support.avaya.com/css/P8/documents/101075574 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 8.1EPSS: 0%CPEs: 8EXPL: 0CVE-2020-7036 – XXE in Avaya Callback Assist Administration
https://notcve.org/view.php?id=CVE-2020-7036
23 Apr 2021 — An XML External Entities (XXE)vulnerability in Callback Assist could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system. The affected versions of Callback Assist includes all 4.0.x versions before 4.7.1.1 Patch 7. Una vulnerabilidad XML External Entities (XXE) en Callback Assist, podría permitir a un atacante remoto autenticado conseguir acceso de lectura a la información que es almacenada en un sistema afectado. Las versiones afectadas de Ca... • https://downloads.avaya.com/css/P8/documents/101075450 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-7035 – XXE in Avaya Aura Orchestration Designer
https://notcve.org/view.php?id=CVE-2020-7035
23 Apr 2021 — An XML External Entities (XXE)vulnerability in the web-based user interface of Avaya Aura Orchestration Designer could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system. The affected versions of Orchestration Designer includes all 7.x versions before 7.2.3. Una vulnerabilidad de XML External Entities (XXE) en la interfaz de usuario basada en web de Avaya Aura Orchestration Designer, podría permitir a un atacante remoto autenticado conseguir acces... • https://downloads.avaya.com/css/P8/documents/101075450 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 9.0EPSS: 1%CPEs: 1EXPL: 0CVE-2020-7034 – Command injection in Avaya Session Border Controller for Enterprise
https://notcve.org/view.php?id=CVE-2020-7034
23 Apr 2021 — A command injection vulnerability in Avaya Session Border Controller for Enterprise could allow an authenticated, remote attacker to send specially crafted messages and execute arbitrary commands with the affected system privileges. Affected versions of Avaya Session Border Controller for Enterprise include 7.x, 8.0 through 8.1.1.x Una vulnerabilidad de inyección de comandos en Avaya Session Border Controller for Enterprise, podría permitir a un atacante remoto autenticado enviar mensajes especialmente dise... • https://downloads.avaya.com/css/P8/documents/101075451 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 4CVE-2020-7032 – Avaya WebLM Improper Restriction of XML External Entity Reference
https://notcve.org/view.php?id=CVE-2020-7032
13 Nov 2020 — An XML external entity (XXE) vulnerability in Avaya WebLM admin interface allows authenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request. Affected versions of Avaya WebLM include: 7.0 through 7.1.3.6 and 8.0 through 8.1.2. Una vulnerabilidad de tipo XML external entity (XXE) en la interfaz de administración de Avaya WebLM, permite a usuarios autenticados leer archivos arbitrarios o realizar ataques de tipo server-side request forg... • https://packetstorm.news/files/id/160123 • CWE-611: Improper Restriction of XML External Entity Reference •