cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-4197,https://securityvulnerability.io/vulnerability/CVE-2024-4197,Unrestricted File Upload Vulnerability Affects Avaya IP Office,"An unrestricted file upload vulnerability exists in the One-X component of Avaya IP Office, which may permit remote attackers to execute arbitrary commands or code on the affected system. This vulnerability impacts all versions of Avaya IP Office prior to 11.1.3.1, presenting significant risks to organizations using this product. Without proper validation and restrictions on file uploads, unauthorized users may exploit this weakness to gain control over the system and perform malicious actions.",Avaya,Ip Office,9.8,CRITICAL,0.000910000002477318,false,,false,false,false,,,false,false,,2024-06-25T04:01:17.685Z,0
CVE-2024-4196,https://securityvulnerability.io/vulnerability/CVE-2024-4196,Avaya IP Office Vulnerability Could Allow Remote Command Execution,"An improper input validation flaw in Avaya IP Office opens avenues for potential remote command or code execution. This vulnerability arises when a specially crafted web request targets the Web Control component, potentially compromising system integrity. Systems running versions older than 11.1.3.1 are at risk, making it essential for users to upgrade to secure their infrastructures.",Avaya,Ip Office,9.8,CRITICAL,0.0008900000248104334,false,,false,false,false,,,false,false,,2024-06-25T04:00:30.307Z,0
CVE-2021-25657,https://securityvulnerability.io/vulnerability/CVE-2021-25657,Avaya IP Office Privilege Escalation Vulnerability,A privilege escalation vulnerability was discovered in Avaya IP Office Admin Lite and USB Creator that may potentially allow a local user to escalate privileges. This issue affects Admin Lite and USB Creator 11.1 Feature Pack 2 Service Pack 1 and earlier versions.,Avaya,Ip Office,7.8,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2022-09-02T01:05:08.000Z,0
CVE-2019-7005,https://securityvulnerability.io/vulnerability/CVE-2019-7005,Unauthenticated Information Disclosure Vulnerability in IP Office,"A vulnerability was discovered in the web interface component of IP Office that may potentially allow a remote, unauthenticated user with network access to gain sensitive information. Affected versions of IP Office include: 9.x, 10.0 through 10.1.0.7 and 11.0 through 11.0.4.2.",Avaya,Ip Office,5.9,MEDIUM,0.0037799999117851257,false,,false,false,false,,,false,false,,2020-08-07T00:00:00.000Z,0
CVE-2020-7030,https://securityvulnerability.io/vulnerability/CVE-2020-7030,IPO Information Disclosure,"A sensitive information disclosure vulnerability was discovered in the web interface component of IP Office that may potentially allow a local user to gain unauthorized access to the component. Affected versions of IP Office include: 9.x, 10.0 through 10.1.0.7 and 11.0 through 11.0.4.3.",Avaya,Ip Office,5.5,MEDIUM,0.0004799999878741801,false,,false,false,false,,,false,false,,2020-06-04T00:15:00.000Z,0
CVE-2019-7004,https://securityvulnerability.io/vulnerability/CVE-2019-7004,Avaya IP Office XSS Vulnerability,"A Cross-Site Scripting (XSS) vulnerability in the WebUI component of IP Office Application Server could allow unauthorized code execution and potentially disclose sensitive information. All product versions 11.x are affected. Product versions prior to 11.0, including unsupported versions, were not evaluated.",Avaya,Ip Office Application Server,6.4,MEDIUM,0.003379999892786145,false,,false,false,false,,,false,false,,2019-12-12T00:15:00.000Z,0
CVE-2019-7001,https://securityvulnerability.io/vulnerability/CVE-2019-7001,Avaya IPOCC WebUI SQL Injection,A SQL injection vulnerability in the WebUI component of IP Office Contact Center could allow an authenticated attacker to retrieve or alter sensitive data related to other users on the system. Affected versions of IP Office Contact Center include all 9.x and 10.x versions prior to 10.1.2.2.2-11201.1908. Unsupported versions not listed here were not evaluated.,Avaya,Ip Office Contact Center,9.9,CRITICAL,0.0008699999889358878,false,,false,false,false,,,false,false,,2019-04-04T00:00:00.000Z,0
CVE-2018-15614,https://securityvulnerability.io/vulnerability/CVE-2018-15614,IP Office one-X Portal XSS,A vulnerability in the one-x Portal component of IP Office could allow an authenticated user to perform stored cross site scripting attacks via fields in the Conference Scheduler Service that could affect other application users. Affected versions of IP Office include 10.0 through 10.1 SP3 and 11.0 versions prior to 11.0 SP1.,Avaya,Ip Office,6.8,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2019-01-23T17:00:00.000Z,0
CVE-2018-15610,https://securityvulnerability.io/vulnerability/CVE-2018-15610,Improper access controls in IP Office one-X Portal,"A vulnerability in the one-X Portal component of Avaya IP Office allows an authenticated attacker to read and delete arbitrary files on the system. Affected versions of Avaya IP Office include 9.1 through 9.1 SP12, 10.0 through 10.0 SP7, and 10.1 through 10.1 SP2.",Avaya,Ip Office,7.3,HIGH,0.0008099999977275729,false,,false,false,false,,,false,false,,2018-09-12T21:00:00.000Z,0
CVE-2017-11309,https://securityvulnerability.io/vulnerability/CVE-2017-11309,,Buffer overflow in the SoftConsole client in Avaya IP Office before 10.1.1 allows remote servers to execute arbitrary code via a long response.,Avaya,Ip Office,9.6,CRITICAL,0.07850000262260437,false,,false,false,false,,,false,false,,2017-11-10T02:29:00.000Z,0
CVE-2017-12969,https://securityvulnerability.io/vulnerability/CVE-2017-12969,,Buffer overflow in the ViewerCtrlLib.ViewerCtrl ActiveX control in Avaya IP Office Contact Center before 10.1.1 allows remote attackers to cause a denial of service (heap corruption and crash) or execute arbitrary code via a long string to the open method.,Avaya,Ip Office Contact Center,8.8,HIGH,0.6035900115966797,false,,false,false,false,,,false,false,,2017-11-10T02:29:00.000Z,0
CVE-2012-3811,https://securityvulnerability.io/vulnerability/CVE-2012-3811,,Unrestricted file upload vulnerability in ImageUpload.ashx in the Wallboard application in Avaya IP Office Customer Call Reporter 7.0 before 7.0.5.8 Q1 2012 Maintenance Release and 8.0 before 8.0.9.13 Q1 2012 Maintenance Release allows remote attackers to execute arbitrary code by uploading an executable file and then accessing it via a direct request.,Avaya,Ip Office Customer Call Reporter,,,0.9723899960517883,false,,false,false,false,,,false,false,,2012-07-03T19:55:00.000Z,0
CVE-2005-0506,https://securityvulnerability.io/vulnerability/CVE-2005-0506,,"The Avaya IP Office Phone Manager, and other products such as the IP Softphone, stores sensitive data in cleartext in a registry key, which allows local and possibly remote users to steal usernames and passwords and impersonate other users via keys such as Avaya\IP400\Generic.",Avaya,"Ip Soft Phone,Ip Office Phone Manager",,,0.02817000076174736,false,,false,false,false,,,false,false,,2005-03-14T05:00:00.000Z,0