
CVE-2018-15617 – Communication Manager Denial of Service
https://notcve.org/view.php?id=CVE-2018-15617
01 Feb 2019 — A vulnerability in the "capro" (Call Processor) process component of Avaya Aura Communication Manager could allow a remote, unauthenticated user to cause denial of service. Affected versions include 6.3.x, all 7.x versions prior to 7.1.3.2, and all 8.x versions prior to 8.0.1. • http://www.securityfocus.com/bid/106826 • CWE-399: Resource Management Errors

CVE-2018-15614 – IP Office one-X Portal XSS
https://notcve.org/view.php?id=CVE-2018-15614
23 Jan 2019 — A vulnerability in the one-X Portal component of IP Office could allow an authenticated user to perform stored cross-site scripting attacks via fields in the Conference Scheduler Service that could affect other application users. Affected versions of IP Office include 10.0 through 10.1 SP3 and 11.0 versions prior to 11.0 SP1. • https://downloads.avaya.com/css/P8/documents/101054317 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2018-15616 – System Platform Web UI Deserialization
https://notcve.org/view.php?id=CVE-2018-15616
17 Oct 2018 — A vulnerability in the Web UI component of Avaya Aura System Platform could allow a remote, unauthenticated user to perform a targeted deserialization attack that could result in remote code execution. Affected versions of System Platform include 6.3.0 through 6.3.9 and 6.4.0 through 6.4.2. • https://downloads.avaya.com/css/P8/documents/101052865 • CWE-502: Deserialization of Untrusted Data

CVE-2018-15611 – Communication Manager Local Administrator PrivEsc
https://notcve.org/view.php?id=CVE-2018-15611
27 Sep 2018 — A vulnerability in the local system administration component of Avaya Aura Communication Manager can allow an authenticated, privileged user on the local system to gain root privileges. Affected versions include 6.3.x and all 7.x versions prior to 7.1.3.1. • https://downloads.avaya.com/css/P8/documents/101052550 • CWE-284: Improper Access Control

CVE-2018-15615 – CMS Supervisor Information Disclosure
https://notcve.org/view.php?id=CVE-2018-15615
24 Sep 2018 — A vulnerability in the Supervisor component of Avaya Call Management System allows a local administrative user to extract sensitive information from users connecting to a remote CMS host. Affected versions of CMS Supervisor include R17.0.x and R18.0.x. • http://www.securityfocus.com/bid/105392 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2018-15612 – Orchestration Designer Runtime Config CSRF
https://notcve.org/view.php?id=CVE-2018-15612
21 Sep 2018 — A CSRF vulnerability in the Runtime Config component of Avaya Aura Orchestration Designer could allow an attacker to add, change, or remove administrative settings. Affected versions of Avaya Aura Orchestration Designer include all versions up to 7.2.1. • https://downloads.avaya.com/css/P8/documents/101052293 • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2018-15613 – Orchestration Designer Runtime Config XSS
https://notcve.org/view.php?id=CVE-2018-15613
21 Sep 2018 — A cross-site scripting (XSS) vulnerability in the Runtime Config component of Avaya Aura Orchestration Designer could result in malicious content being returned to the user. Affected versions of Avaya Aura Orchestration Designer include all versions up to 7.2.1. • https://downloads.avaya.com/css/P8/documents/101052293 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2018-15610 – Improper access controls in IP Office one-X Portal
https://notcve.org/view.php?id=CVE-2018-15610
10 Sep 2018 — A vulnerability in the one-X Portal component of Avaya IP Office allows an authenticated attacker to read and delete arbitrary files on the system. Affected versions of Avaya IP Office include 9.1 through 9.1 SP12, 10.0 through 10.0 SP7, and 10.1 through 10.1 SP2. • https://packetstorm.news/files/id/149284 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') • CWE-284: Improper Access Control

CVE-2018-6635
https://notcve.org/view.php?id=CVE-2018-6635
05 Feb 2018 — System Manager in Avaya Aura before 7.1.2 does not properly use SSL in conjunction with authentication, which allows remote attackers to bypass intended Remote Method Invocation (RMI) restrictions, aka SMGR-26896. • http://www.securityfocus.com/bid/102940 • CWE-326: Inadequate Encryption Strength

CVE-2017-11309 – Avaya IP Office (IPO) < 10.1 - 'SoftConsole' Remote Buffer Overflow (SEH)
https://notcve.org/view.php?id=CVE-2017-11309
05 Nov 2017 — Buffer overflow in the SoftConsole client in Avaya IP Office before 10.1.1 allows remote servers to execute arbitrary code via a long response. Avaya IP Office (IPO) versions 9.1.0 through 10.1 suffer from a soft console remote buffer overflow vulnerability. • https://packetstorm.news/files/id/144883 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer