CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-4197 – Avaya IP Office One-X Portal File Upload Vulnerability
https://notcve.org/view.php?id=CVE-2024-4197
25 Jun 2024 — An unrestricted file upload vulnerability in Avaya IP Office was discovered that could allow remote command or code execution via the One-X component. Affected versions include all versions prior to 11.1.3.1. An unrestricted file upload vulnerability in Avaya IP Office was discovered that could allow remote command or code execution via the One-X component. Affected versions include all versions prior to 11.1.3.1. • https://download.avaya.com/css/public/documents/101090768 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-4196 – Avaya IP Office Web Control RCE Vulnerability
https://notcve.org/view.php?id=CVE-2024-4196
25 Jun 2024 — An improper input validation vulnerability was discovered in Avaya IP Office that could allow remote command or code execution via a specially crafted web request to the Web Control component. Affected versions include all versions prior to 11.1.3.1. • https://download.avaya.com/css/public/documents/101090768 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 1CVE-2021-25657 – Avaya IP Office Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-25657
02 Sep 2022 — A privilege escalation vulnerability was discovered in Avaya IP Office Admin Lite and USB Creator that may potentially allow a local user to escalate privileges. This issue affects Admin Lite and USB Creator 11.1 Feature Pack 2 Service Pack 1 and earlier versions. Se ha detectado una vulnerabilidad de escalada de privilegios en Avaya IP Office Admin Lite y USB Creator que podría permitir a un usuario local escalar privilegios. Este problema afecta a Admin Lite y USB Creator versión 11.1 Feature Pack 2 Servi... • https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022-0037/MNDT-2022-0037.md • CWE-269: Improper Privilege Management •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-7005 – Unauthenticated Information Disclosure Vulnerability in IP Office
https://notcve.org/view.php?id=CVE-2019-7005
07 Aug 2020 — A vulnerability was discovered in the web interface component of IP Office that may potentially allow a remote, unauthenticated user with network access to gain sensitive information. Affected versions of IP Office include: 9.x, 10.0 through 10.1.0.7 and 11.0 through 11.0.4.2. Se detectó una vulnerabilidad en el componente de la interfaz web de IP Office que puede permitir potencialmente a un usuario remoto no autenticado con acceso a la red conseguir información confidencial. Las versiones afectadas de IP ... • https://downloads.avaya.com/css/P8/documents/101070158 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 27EXPL: 2CVE-2020-7030 – IPO Information Disclosure
https://notcve.org/view.php?id=CVE-2020-7030
03 Jun 2020 — A sensitive information disclosure vulnerability was discovered in the web interface component of IP Office that may potentially allow a local user to gain unauthorized access to the component. Affected versions of IP Office include: 9.x, 10.0 through 10.1.0.7 and 11.0 though 11.0.4.3. Se detectó una vulnerabilidad de divulgación de información confidencial en el componente web interface de IP Office, que puede permitir potencialmente a un usuario local conseguir acceso no autorizado al componente. Las vers... • https://packetstorm.news/files/id/157957 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-522: Insufficiently Protected Credentials •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 3CVE-2019-7004 – Avaya IP Office XSS Vulnerability
https://notcve.org/view.php?id=CVE-2019-7004
11 Dec 2019 — A Cross-Site Scripting (XSS) vulnerability in the WebUI component of IP Office Application Server could allow unauthorized code execution and potentially disclose sensitive information. All product versions 11.x are affected. Product versions prior to 11.0, including unsupported versions, were not evaluated. Una vulnerabilidad de tipo Cross-Site Scripting (XSS) en el componente WebUI de IP Office Application Server, podría permitir una ejecución no autorizada de código y revelar potencialmente información c... • https://packetstorm.news/files/id/156476 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.9EPSS: 0%CPEs: 2EXPL: 0CVE-2019-7001 – Avaya IPOCC WebUI SQL Injection
https://notcve.org/view.php?id=CVE-2019-7001
04 Apr 2019 — A SQL injection vulnerability in the WebUI component of IP Office Contact Center could allow an authenticated attacker to retrieve or alter sensitive data related to other users on the system. Affected versions of IP Office Contact Center include all 9.x and 10.x versions prior to 10.1.2.2.2-11201.1908. Unsupported versions not listed here were not evaluated. Una vulnerabilidad de inyección SQL, en el componente WebUI de IP Office Contact Center, podría permitir que un atacante autenticado recupere o modifi... • https://downloads.avaya.com/css/P8/documents/101056762 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.8EPSS: 0%CPEs: 13EXPL: 0CVE-2018-15614 – IP Office one-X Portal XSS
https://notcve.org/view.php?id=CVE-2018-15614
23 Jan 2019 — A vulnerability in the one-x Portal component of IP Office could allow an authenticated user to perform stored cross site scripting attacks via fields in the Conference Scheduler Service that could affect other application users. Affected versions of IP Office include 10.0 through 10.1 SP3 and 11.0 versions prior to 11.0 SP1. Una vulnerabilidad en el componente one-x Portal de IP Office podría permitir que un usuario autenticado realice ataques de Cross-Site Scripting (XSS) persistente mediante cambios en e... • https://downloads.avaya.com/css/P8/documents/101054317 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 0%CPEs: 24EXPL: 1CVE-2018-15610 – Improper access controls in IP Office one-X Portal
https://notcve.org/view.php?id=CVE-2018-15610
10 Sep 2018 — A vulnerability in the one-X Portal component of Avaya IP Office allows an authenticated attacker to read and delete arbitrary files on the system. Affected versions of Avaya IP Office include 9.1 through 9.1 SP12, 10.0 through 10.0 SP7, and 10.1 through 10.1 SP2. Una vulnerabilidad en el componente one-X Portal de Avaya IP Office permite que un atacante autenticado lea y elimine archivos arbitrarios en el sistema. Las versiones afectadas de Avaya IP Office incluyen desde la 9.1 hasta la 9.1 SP12, desde la ... • https://packetstorm.news/files/id/149284 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-284: Improper Access Control •
CVSS: 9.6EPSS: 29%CPEs: 1EXPL: 3CVE-2017-11309 – Avaya IP Office (IPO) < 10.1 - 'SoftConsole' Remote Buffer Overflow (SEH)
https://notcve.org/view.php?id=CVE-2017-11309
05 Nov 2017 — Buffer overflow in the SoftConsole client in Avaya IP Office before 10.1.1 allows remote servers to execute arbitrary code via a long response. Desbordamiento de búfer en el cliente de SoftConsole en Avaya IP Office en versiones anteriores a la 10.1.1 permite que servidores remotos ejecuten código arbitrario mediante una respuesta larga. Avaya IP Office (IPO) versions 9.1.0 through 10.1 suffer from a soft console remote buffer overflow vulnerability. • https://packetstorm.news/files/id/144883 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •