CVE-2020-7032
Avaya WebLM Improper Restriction of XML External Entity Reference
Public Exploits: 3
Exploited in Wild: -
Descriptions
An XML external entity (XXE) vulnerability in Avaya WebLM admin interface allows authenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request. Affected versions of Avaya WebLM include: 7.0 through 7.1.3.6 and 8.0 through 8.1.2.
Avaya Web License Manager versions 6.x, 7.0 through 7.1.3.6, and 8.0 through 8.1.2.0.0 suffer from a blind out-of-band XML external entity injection vulnerability.
SSVC
- Decision: -
Timeline
- 2020-01-14 CVE Reserved
- 2020-11-13 CVE Published
- 2024-07-30 EPSS Updated
- 2024-09-17 CVE Updated
- 2024-09-17 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-611: Improper Restriction of XML External Entity Reference
References (4)
URL | Date | SRC |
---|---|---|
https://downloads.avaya.com/css/P8/documents/101072249 | 2022-10-19 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Avaya | Aura System Manager | >= 7.0 <= 7.1.3.6 | - | Affected |
Avaya | Aura System Manager | >= 8.0 <= 8.1.2 | - | Affected |
Avaya | Weblm | >= 7.0 <= 7.1.3.6 | - | Affected |
Avaya | Weblm | >= 8.0.0 < 8.1.3 | - | Affected |