
CVE-2020-7033 – Avaya Equinox Conferencing XSS
https://notcve.org/view.php?id=CVE-2020-7033
12 Nov 2020 — A Cross Site Scripting (XSS) vulnerability in the Unified Portal Client (web client) used in Avaya Equinox Conferencing can allow an authenticated user to perform XSS attacks. The affected versions of Equinox Conferencing include all 9.x versions before 9.1.10. • https://downloads.avaya.com/css/P8/documents/101072147 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2020-7029 – Avaya Product System Management Interface Cross-Site Request Forgery Vulnerability
https://notcve.org/view.php?id=CVE-2020-7029
11 Aug 2020 — A Cross-Site Request Forgery (CSRF) vulnerability was discovered in the System Management Interface Web component of Avaya Aura Communication Manager and Avaya Aura Messaging. This vulnerability could allow an unauthenticated remote attacker to perform Web administration actions with the privilege level of the authenticated user. Affected versions of Communication Manager are 7.0.x, 7.1.x prior to 7.1.3.5 and 8.0.x. Affected versions of Messaging are 7.0.x, 7.1 and 7.1 SP1. • https://support.avaya.com/css/P8/documents/101070201 • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2019-7005 – Unauthenticated Information Disclosure Vulnerability in IP Office
https://notcve.org/view.php?id=CVE-2019-7005
07 Aug 2020 — A vulnerability was discovered in the web interface component of IP Office that may potentially allow a remote, unauthenticated user with network access to gain sensitive information. Affected versions of IP Office include: 9.x, 10.0 through 10.1.0.7 and 11.0 through 11.0.4.2. • https://downloads.avaya.com/css/P8/documents/101070158 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2020-7030 – IPO Information Disclosure
https://notcve.org/view.php?id=CVE-2020-7030
03 Jun 2020 — A sensitive information disclosure vulnerability was discovered in the web interface component of IP Office that may potentially allow a local user to gain unauthorized access to the component. Affected versions of IP Office include: 9.x, 10.0 through 10.1.0.7 and 11.0 through 11.0.4.3. • https://packetstorm.news/files/id/157957 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor • CWE-522: Insufficiently Protected Credentials

CVE-2019-7007 – Avaya Equinox Conferencing Management (iView) Directory Traversal Vulnerability
https://notcve.org/view.php?id=CVE-2019-7007
28 Feb 2020 — A directory traversal vulnerability has been found in Avaya Equinox Management (iView) versions R9.1.9.0 and earlier. Successful exploitation could potentially allow an unauthenticated attacker to access files that are outside the restricted directory on the remote server. • https://downloads.avaya.com/css/P8/documents/101064450 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2019-7004 – Avaya IP Office XSS Vulnerability
https://notcve.org/view.php?id=CVE-2019-7004
11 Dec 2019 — A Cross-Site Scripting (XSS) vulnerability in the WebUI component of IP Office Application Server could allow unauthorized code execution and potentially disclose sensitive information. All product versions 11.x are affected. Product versions prior to 11.0, including unsupported versions, were not evaluated. • https://packetstorm.news/files/id/156476 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2019-7000 – Avaya Aura Conferencing XSS
https://notcve.org/view.php?id=CVE-2019-7000
31 Jul 2019 — A Cross-Site Scripting (XSS) vulnerability in the Web UI of Avaya Aura Conferencing may allow code execution and potentially disclose sensitive information. Affected versions of Avaya Aura Conferencing include all 8.x versions prior to 8.0 SP14 (8.0.14). Prior versions not listed were not evaluated. • https://downloads.avaya.com/css/P8/documents/101060208 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2019-7003 – ACM SQL Injection
https://notcve.org/view.php?id=CVE-2019-7003
11 Jul 2019 — A SQL injection vulnerability in the reporting component of Avaya Control Manager could allow an unauthenticated attacker to execute arbitrary SQL commands and retrieve sensitive data related to other users on the system. Affected versions of Avaya Control Manager include 7.x and 8.0.x versions prior to 8.0.4.0. Unsupported versions not listed here were not evaluated. • http://www.securityfocus.com/bid/109134 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2019-7001 – Avaya IPOCC WebUI SQL Injection
https://notcve.org/view.php?id=CVE-2019-7001
04 Apr 2019 — A SQL injection vulnerability in the WebUI component of IP Office Contact Center could allow an authenticated attacker to retrieve or alter sensitive data related to other users on the system. Affected versions of IP Office Contact Center include all 9.x and 10.x versions prior to 10.1.2.2.2-11201.1908. Unsupported versions not listed here were not evaluated. • https://downloads.avaya.com/css/P8/documents/101056762 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2019-7006 – Avaya one-X Communicator Weak Encryption
https://notcve.org/view.php?id=CVE-2019-7006
27 Feb 2019 — Avaya one-X Communicator uses weak cryptographic algorithms in the client authentication component that could allow a local attacker to decrypt sensitive information. Affected versions include all 6.2.x versions prior to 6.2 SP13. • http://www.securityfocus.com/bid/107175 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm