CVE-2019-7003 – ACM SQL Injection
https://notcve.org/view.php?id=CVE-2019-7003
A SQL injection vulnerability in the reporting component of Avaya Control Manager could allow an unauthenticated attacker to execute arbitrary SQL commands and retrieve sensitive data related to other users on the system. Affected versions of Avaya Control Manager include 7.x and 8.0.x versions prior to 8.0.4.0. Unsupported versions not listed here were not evaluated. Una vulnerabilidad de inyección SQL en el componente de reportes de Avaya Control Manager, podría permitir a un atacante no autenticado ejecutar comandos SQL arbitrarios y recuperar datos confidenciales relacionados con otros usuarios del sistema. Las versiones afectadas de Avaya Control Manager incluyen a versiones 7.x y versiones 8.0.x anteriores a 8.0.4.0. • http://www.securityfocus.com/bid/109134 https://downloads.avaya.com/css/P8/documents/101059368 https://support.avaya.com/documents/documents-by-contenttype.action?product_id=P0941&product_name=Control+Manager&release_number=releaseId&contentType=ReleaseNotes • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •