cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-12756,https://securityvulnerability.io/vulnerability/CVE-2024-12756,HTML Injection Vulnerability in Avaya Spaces by Avaya,An HTML Injection vulnerability in Avaya Spaces could potentially allow attackers to disclose sensitive information or manipulate the page content that users see. This flaw poses a significant risk as it may enable unauthorized access to user data and compromise the integrity of the platform.,Avaya,Avaya Spaces,7.3,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-11T16:59:12.902Z,0
CVE-2024-12755,https://securityvulnerability.io/vulnerability/CVE-2024-12755,Cross-Site Scripting Vulnerability in Avaya Spaces,"A Cross-Site Scripting vulnerability in Avaya Spaces could potentially allow unauthorized users to execute malicious code within the application. This can lead to the disclosure of sensitive information, as attackers could manipulate the web environment to perform unauthorized actions that compromise user data and privacy. Proper validation and sanitization of user inputs are essential to mitigate this risk and protect against such vulnerabilities.",Avaya,Avaya Spaces,7.9,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-11T16:57:07.799Z,0
CVE-2024-4197,https://securityvulnerability.io/vulnerability/CVE-2024-4197,Unrestricted File Upload Vulnerability Affects Avaya IP Office,"An unrestricted file upload vulnerability exists in the One-X component of Avaya IP Office, which may permit remote attackers to execute arbitrary commands or code on the affected system. This vulnerability impacts all versions of Avaya IP Office prior to 11.1.3.1, presenting significant risks to organizations using this product. Without proper validation and restrictions on file uploads, unauthorized users may exploit this weakness to gain control over the system and perform malicious actions.",Avaya,Ip Office,9.8,CRITICAL,0.000910000002477318,false,,false,false,false,,,false,false,,2024-06-25T04:01:17.685Z,0
CVE-2024-4196,https://securityvulnerability.io/vulnerability/CVE-2024-4196,Avaya IP Office Vulnerability Could Allow Remote Command Execution,"An improper input validation flaw in Avaya IP Office opens avenues for potential remote command or code execution. This vulnerability arises when a specially crafted web request targets the Web Control component, potentially compromising system integrity. Systems running versions older than 11.1.3.1 are at risk, making it essential for users to upgrade to secure their infrastructures.",Avaya,Ip Office,9.8,CRITICAL,0.0008900000248104334,false,,false,false,false,,,false,false,,2024-06-25T04:00:30.307Z,0
CVE-2023-3722,https://securityvulnerability.io/vulnerability/CVE-2023-3722,Avaya Aura Device Services Remote Code Execution,An OS command injection vulnerability has been identified in the Avaya Aura Device Services Web application. This flaw could potentially allow an attacker to execute arbitrary commands on the server by exploiting a maliciously crafted file upload. Affected users of Avaya Aura Device Services version 8.1.4.0 and earlier are urged to take immediate action to secure their systems against possible exploitation.,Avaya,Aura Device Services,8.6,HIGH,0.0030300000216811895,false,,false,false,true,2024-11-20T04:40:41.000Z,true,false,false,,2023-07-19T20:15:00.000Z,0
CVE-2022-38168,https://securityvulnerability.io/vulnerability/CVE-2022-38168,Access Control Flaw in Avaya Scopia Pathfinder Affects User Authentication,"An access control vulnerability in Avaya Scopia Pathfinder allows remote unauthenticated attackers to bypass the login page. By modifying URLs, attackers can gain unauthorized access to sensitive user information and perform actions such as resetting user passwords. This vulnerability can pose significant risks to the integrity and confidentiality of user accounts.",Avaya,Scopia Pathfinder 10 Pts Firmware,9.1,CRITICAL,0.004509999882429838,false,,false,false,false,,,false,false,,2022-11-03T00:00:00.000Z,0
CVE-2022-2249,https://securityvulnerability.io/vulnerability/CVE-2022-2249,Avaya Aura Communication Manager Privilege Escalation Vulnerabilities,Privilege escalation related vulnerabilities were discovered in Avaya Aura Communication Manager that may allow local administrative users to escalate their privileges. This issue affects Communication Manager versions 8.0.0.0 through 8.1.3.3 and 10.1.0.0.,Avaya,Avaya Aura Communication Manager,7.7,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2022-10-12T00:00:00.000Z,0
CVE-2022-2975,https://securityvulnerability.io/vulnerability/CVE-2022-2975,Avaya Aura Application Enablement Services weak permissions in web application,"A vulnerability related to weak permissions was detected in Avaya Aura Application Enablement Services web application, allowing an administrative user to modify accounts leading to execution of arbitrary code as the root user. This issue affects Application Enablement Services versions 8.0.0.0 through 8.1.3.4 and 10.1.0.0 through 10.1.0.1. Versions prior to 8.0.0.0 are end of manufacturing support and were not evaluated.",Avaya,Avaya Aura Application Enablement Services,7.7,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2022-10-06T00:00:00.000Z,0
CVE-2021-25657,https://securityvulnerability.io/vulnerability/CVE-2021-25657,Avaya IP Office Privilege Escalation Vulnerability,A privilege escalation vulnerability was discovered in Avaya IP Office Admin Lite and USB Creator that may potentially allow a local user to escalate privileges. This issue affects Admin Lite and USB Creator 11.1 Feature Pack 2 Service Pack 1 and earlier versions.,Avaya,Ip Office,7.8,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2022-09-02T01:05:08.000Z,0
CVE-2021-25653,https://securityvulnerability.io/vulnerability/CVE-2021-25653,Avaya Aura Appliance Virtualization Platform Utilities Privilege Escalation Vulnerability,A privilege escalation vulnerability was discovered in Avaya Aura Appliance Virtualization Platform Utilities (AVPU) that may potentially allow a local user to escalate privileges. Affects 8.0.0.0 through 8.1.3.1 versions of AVPU.,Avaya,Avaya Aura Appliance Virtualization Platform Utilities,8,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2021-06-24T08:55:29.000Z,0
CVE-2021-25651,https://securityvulnerability.io/vulnerability/CVE-2021-25651,Avaya Aura Utility Services Privilege Escalation Vulnerability,A privilege escalation vulnerability was discovered in Avaya Aura Utility Services that may potentially allow a local user to escalate privileges. Affects all 7.x versions of Avaya Aura Utility Services,Avaya,Avaya Aura Utility Services,7.8,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2021-06-24T08:55:26.000Z,0
CVE-2021-25650,https://securityvulnerability.io/vulnerability/CVE-2021-25650,Avaya Aura Utility Services Privilege Escalation Vulnerability,A privilege escalation vulnerability was discovered in Avaya Aura Utility Services that may potentially allow a local user to execute specially crafted scripts as a privileged user. Affects all 7.x versions of Avaya Aura Utility Services,Avaya,Avaya Aura Utility Services,8.8,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2021-06-24T08:55:25.000Z,0
CVE-2020-7038,https://securityvulnerability.io/vulnerability/CVE-2020-7038,Avaya Meetings Server Information Disclosure vulnerability,"A vulnerability was discovered in Management component of Avaya Equinox Conferencing that could potentially allow an unauthenticated, remote attacker to gain access to screen sharing and whiteboard sessions. The affected versions of Management component of Avaya Equinox Conferencing include all 3.x versions before 3.17. Avaya Equinox Conferencing is now offered as Avaya Meetings Server.",Avaya,Avaya Meetings Management,7.5,HIGH,0.00279000005684793,false,,false,false,false,,,false,false,,2021-04-28T00:00:00.000Z,0
CVE-2020-7037,https://securityvulnerability.io/vulnerability/CVE-2020-7037,Avaya Equinox Conferencing XXE vulnerability,"An XML External Entities (XXE) vulnerability in Media Server component of Avaya Equinox Conferencing could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system or even potentially lead to a denial of service. The affected versions of Avaya Equinox Conferencing includes all 9.x versions before 9.1.11. Equinox Conferencing is now offered as Avaya Meetings Server.",Avaya,Avaya Meetings Server,8.1,HIGH,0.002099999925121665,false,,false,false,false,,,false,false,,2021-04-28T00:00:00.000Z,0
CVE-2020-7036,https://securityvulnerability.io/vulnerability/CVE-2020-7036,XXE in Avaya Callback Assist Administration,"An XML External Entities (XXE) vulnerability in Callback Assist could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system. The affected versions of Callback Assist includes all 4.0.x versions before 4.7.1.1 Patch 7.",Avaya,Callback Assist,8.1,HIGH,0.0013000000035390258,false,,false,false,false,,,false,false,,2021-04-23T00:00:00.000Z,0
CVE-2020-7035,https://securityvulnerability.io/vulnerability/CVE-2020-7035,XXE in Avaya Aura Orchestration Designer,"An XML External Entities (XXE) vulnerability in the web-based user interface of Avaya Aura Orchestration Designer could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system. The affected versions of Orchestration Designer includes all 7.x versions before 7.2.3.",Avaya,Aura Orchestration Designer,8.1,HIGH,0.0013000000035390258,false,,false,false,false,,,false,false,,2021-04-23T00:00:00.000Z,0
CVE-2020-7034,https://securityvulnerability.io/vulnerability/CVE-2020-7034,Command injection in Avaya Session Border Controller for Enterprise,"A command injection vulnerability in Avaya Session Border Controller for Enterprise could allow an authenticated, remote attacker to send specially crafted messages and execute arbitrary commands with the affected system privileges. Affected versions of Avaya Session Border Controller for Enterprise include 7.x, 8.0 through 8.1.1.x",Avaya,Session Border Controller For Enterprise,7.2,HIGH,0.0012499999720603228,false,,false,false,false,,,false,false,,2021-04-23T00:00:00.000Z,0
CVE-2019-7007,https://securityvulnerability.io/vulnerability/CVE-2019-7007,Avaya Equinox Conferencing Management (iView) Directory Traversal Vulnerability,A directory traversal vulnerability has been found in the Avaya Equinox Management (iView) versions R9.1.9.0 and earlier. Successful exploitation could potentially allow an unauthenticated attacker to access files that are outside the restricted directory on the remote server.,Avaya,Equinox Conferencing Management (iview),7.5,HIGH,0.0031999999191612005,false,,false,false,false,,,false,false,,2020-02-28T00:00:00.000Z,0
CVE-2019-7003,https://securityvulnerability.io/vulnerability/CVE-2019-7003,ACM SQL Injection,A SQL injection vulnerability in the reporting component of Avaya Control Manager could allow an unauthenticated attacker to execute arbitrary SQL commands and retrieve sensitive data related to other users on the system. Affected versions of Avaya Control Manager include 7.x and 8.0.x versions prior to 8.0.4.0. Unsupported versions not listed here were not evaluated.,Avaya,Avaya Control Manager,9.3,CRITICAL,0.0015200000489130616,false,,false,false,false,,,false,false,,2019-07-11T19:15:00.000Z,0
CVE-2019-7001,https://securityvulnerability.io/vulnerability/CVE-2019-7001,Avaya IPOCC WebUI SQL Injection,A SQL injection vulnerability in the WebUI component of IP Office Contact Center could allow an authenticated attacker to retrieve or alter sensitive data related to other users on the system. Affected versions of IP Office Contact Center include all 9.x and 10.x versions prior to 10.1.2.2.2-11201.1908. Unsupported versions not listed here were not evaluated.,Avaya,Ip Office Contact Center,9.9,CRITICAL,0.0008699999889358878,false,,false,false,false,,,false,false,,2019-04-04T00:00:00.000Z,0
CVE-2018-15616,https://securityvulnerability.io/vulnerability/CVE-2018-15616,System Platform Web UI Deserialization,"A vulnerability in the Web UI component of Avaya Aura System Platform could allow a remote, unauthenticated user to perform a targeted deserialization attack that could result in remote code execution. Affected versions of System Platform includes 6.3.0 through 6.3.9 and 6.4.0 through 6.4.2.",Avaya,Avaya Aura® System Platform,9,CRITICAL,0.005659999791532755,false,,false,false,false,,,false,false,,2018-10-17T19:00:00.000Z,0
CVE-2018-15615,https://securityvulnerability.io/vulnerability/CVE-2018-15615,CMS Supervisor Information Disclosure,A vulnerability in the Supervisor component of Avaya Call Management System allows local administrative user to extract sensitive information from users connecting to a remote CMS host. Affected versions of CMS Supervisor include R17.0.x and R18.0.x.,Avaya,Call Management System Supervisor,7.2,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2018-09-24T13:00:00.000Z,0
CVE-2018-15613,https://securityvulnerability.io/vulnerability/CVE-2018-15613,Orchestration Designer Runtime Config XSS,A cross-site scripting (XSS) vulnerability in the Runtime Config component of Avaya Aura Orchestration Designer could result in malicious content being returned to the user. Affected versions of Avaya Aura Orchestration Designer include all versions up to 7.2.1.,Avaya,Orchestration Designer,8.3,HIGH,0.0006200000061653554,false,,false,false,false,,,false,false,,2018-09-21T18:00:00.000Z,0
CVE-2018-15612,https://securityvulnerability.io/vulnerability/CVE-2018-15612,Orchestration Designer Runtime Config CSRF,"A CSRF vulnerability in the Runtime Config component of Avaya Aura Orchestration Designer could allow an attacker to add, change, or remove administrative settings. Affected versions of Avaya Aura Orchestration Designer include all versions up to 7.2.1.",Avaya,Orchestration Designer,8.3,HIGH,0.0007300000288523734,false,,false,false,false,,,false,false,,2018-09-21T18:00:00.000Z,0
CVE-2018-15610,https://securityvulnerability.io/vulnerability/CVE-2018-15610,Improper access controls in IP Office one-X Portal,"A vulnerability in the one-X Portal component of Avaya IP Office allows an authenticated attacker to read and delete arbitrary files on the system. Affected versions of Avaya IP Office include 9.1 through 9.1 SP12, 10.0 through 10.0 SP7, and 10.1 through 10.1 SP2.",Avaya,Ip Office,7.3,HIGH,0.0008099999977275729,false,,false,false,false,,,false,false,,2018-09-12T21:00:00.000Z,0