
CVE-2024-7480 – Improper access control in Avaya Aura System Manager
https://notcve.org/view.php?id=CVE-2024-7480
08 Aug 2024 — An Improper access control vulnerability was found in Avaya Aura System Manager which could allow a command-line interface (CLI) user with administrative privileges to read arbitrary files on the system. Affected versions include 10.1.x.x and 10.2.x.x. Versions prior to 10.1 are end of manufacturer support. • https://download.avaya.com/css/public/documents/101091159 • CWE-269: Improper Privilege Management

CVE-2024-7477 – Avaya Aura System Manager SQL injection vulnerability
https://notcve.org/view.php?id=CVE-2024-7477
08 Aug 2024 — A SQL injection vulnerability was found which could allow a command line interface (CLI) user with administrative privileges to execute arbitrary queries against the Avaya Aura System Manager database. Affected versions include 10.1.x.x and 10.2.x.x. Versions prior to 10.1 are end of manufacturer support. • https://download.avaya.com/css/public/documents/101091159 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2023-7031 – Avaya Experience Portal Manager Insecure Direct Object Reference Vulnerabilities
https://notcve.org/view.php?id=CVE-2023-7031
17 Jan 2024 — Insecure Direct Object Reference vulnerabilities were discovered in the Avaya Aura Experience Portal Manager which may allow partial information disclosure to an authenticated non-privileged user. Affected versions include 8.0.x and 8.1.x, prior to 8.1.2 patch 0402. Versions prior to 8.0 are end of manufacturer support. • https://support.avaya.com/css/public/documents/101088063 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-639: Authorization Bypass Through User-Controlled Key

CVE-2023-3722 – Avaya Aura Device Services Remote Code Execution
https://notcve.org/view.php?id=CVE-2023-3722
19 Jul 2023 — An OS command injection vulnerability was found in the Avaya Aura Device Services Web application which could allow remote code execution as the Web server user via a malicious uploaded file. This issue affects Avaya Aura Device Services version 8.1.4.0 and earlier. • https://github.com/pizza-power/CVE-2023-3722 • CWE-434: Unrestricted Upload of File with Dangerous Type

CVE-2022-2249 – Avaya Aura Communication Manager Privilege Escalation Vulnerabilities
https://notcve.org/view.php?id=CVE-2022-2249
12 Oct 2022 — Privilege escalation related vulnerabilities were discovered in Avaya Aura Communication Manager that may allow local administrative users to escalate their privileges. This issue affects Communication Manager versions 8.0.0.0 through 8.1.3.3 and 10.1.0.0. • https://download.avaya.com/css/public/documents/101083760 • CWE-269: Improper Privilege Management

CVE-2022-2975 – Avaya Aura Application Enablement Services weak permissions in web application
https://notcve.org/view.php?id=CVE-2022-2975
06 Oct 2022 — A vulnerability related to weak permissions was detected in Avaya Aura Application Enablement Services web application, allowing an administrative user to modify accounts leading to execution of arbitrary code as the root user. This issue affects Application Enablement Services versions 8.0.0.0 through 8.1.3.4 and 10.1.0.0 through 10.1.0.1. Versions prior to 8.0.0.0 are end of manufacturing support and were not evaluated. • https://download.avaya.com/css/public/documents/101083688 • CWE-269: Improper Privilege Management CWE-732: Incorrect Permission Assignment for Critical Resource

CVE-2021-25654 – Avaya Aura Device Services Arbitrary Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-25654
25 Jun 2021 — An arbitrary code execution vulnerability was discovered in Avaya Aura Device Services that may potentially allow a local user to execute specially crafted scripts. Affects 7.0 through 8.1.4.0 versions of Avaya Aura Device Services. • https://support.avaya.com/css/P8/documents/101076523 • CWE-378: Creation of Temporary File With Insecure Permissions

CVE-2021-25656 – Avaya Aura Experience Portal XSS vulnerabilities
https://notcve.org/view.php?id=CVE-2021-25656
24 Jun 2021 — Stored XSS injection vulnerabilities were discovered in the Avaya Aura Experience Portal Web management which could allow an authenticated user to potentially disclose sensitive information. Affected versions include 7.0 through 7.2.3 (without hotfix) and 8.0.0 (without hotfix). • https://downloads.avaya.com/css/P8/documents/101076234 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2021-25655 – URL redirection to untrusted site possible in Avaya Aura Experience Portal
https://notcve.org/view.php?id=CVE-2021-25655
24 Jun 2021 — A vulnerability in the system Service Menu component of Avaya Aura Experience Portal may allow URL Redirection to any untrusted site through a crafted attack. Affected versions include 7.0 through 7.2.3 (without hotfix) and 8.0.0 (without hotfix). • https://downloads.avaya.com/css/P8/documents/101076234 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect')

CVE-2021-25653 – Avaya Aura Appliance Virtualization Platform Utilities Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-25653
24 Jun 2021 — A privilege escalation vulnerability was discovered in Avaya Aura Appliance Virtualization Platform Utilities (AVPU) that may potentially allow a local user to escalate privileges. Affects 8.0.0.0 through 8.1.3.1 versions of AVPU. • https://support.avaya.com/css/P8/documents/101076479 • CWE-250: Execution with Unnecessary Privileges