cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-12756,https://securityvulnerability.io/vulnerability/CVE-2024-12756,HTML Injection Vulnerability in Avaya Spaces by Avaya,An HTML Injection vulnerability in Avaya Spaces could potentially allow attackers to disclose sensitive information or manipulate the page content that users see. This flaw poses a significant risk as it may enable unauthorized access to user data and compromise the integrity of the platform.,Avaya,Avaya Spaces,7.3,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-11T16:59:12.902Z,0
CVE-2024-12755,https://securityvulnerability.io/vulnerability/CVE-2024-12755,Cross-Site Scripting Vulnerability in Avaya Spaces,"A Cross-Site Scripting vulnerability in Avaya Spaces could potentially allow unauthorized users to execute malicious code within the application. This can lead to the disclosure of sensitive information, as attackers could manipulate the web environment to perform unauthorized actions that compromise user data and privacy. Proper validation and sanitization of user inputs are essential to mitigate this risk and protect against such vulnerabilities.",Avaya,Avaya Spaces,7.9,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-11T16:57:07.799Z,0
CVE-2024-7477,https://securityvulnerability.io/vulnerability/CVE-2024-7477,Avaya Aura System Manager CVSS Score: 8.8 Due to SQL Injection Vulnerability,"A SQL injection vulnerability was found which could allow a command line interface (CLI) user with administrative privileges to execute arbitrary queries against the Avaya Aura System Manager database. Affected versions include 10.1.x.x and 10.2.x.x. Versions prior to 10.1 are end of manufacturer support.",Avaya,Aura System Manager,6.7,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-08-08T16:15:00.000Z,0
CVE-2024-7480,https://securityvulnerability.io/vulnerability/CVE-2024-7480,Avaya Aura System Manager Vulnerability Allows Access to Arbitrary Files,An Improper access control vulnerability was found in Avaya Aura System Manager which could allow a command-line interface (CLI) user with administrative privileges to read arbitrary files on the system. Affected versions include 10.1.x.x and 10.2.x.x. Versions prior to 10.1 are end of manufacturer support.,Avaya,Aura System Manager,4.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-08-08T16:15:00.000Z,0
CVE-2024-4197,https://securityvulnerability.io/vulnerability/CVE-2024-4197,Unrestricted File Upload Vulnerability Affects Avaya IP Office,"An unrestricted file upload vulnerability exists in the One-X component of Avaya IP Office, which may permit remote attackers to execute arbitrary commands or code on the affected system. This vulnerability impacts all versions of Avaya IP Office prior to 11.1.3.1, presenting significant risks to organizations using this product. Without proper validation and restrictions on file uploads, unauthorized users may exploit this weakness to gain control over the system and perform malicious actions.",Avaya,Ip Office,9.8,CRITICAL,0.000910000002477318,false,,false,false,false,,,false,false,,2024-06-25T04:01:17.685Z,0
CVE-2024-4196,https://securityvulnerability.io/vulnerability/CVE-2024-4196,Avaya IP Office Vulnerability Could Allow Remote Command Execution,"An improper input validation flaw in Avaya IP Office opens avenues for potential remote command or code execution. This vulnerability arises when a specially crafted web request targets the Web Control component, potentially compromising system integrity. Systems running versions older than 11.1.3.1 are at risk, making it essential for users to upgrade to secure their infrastructures.",Avaya,Ip Office,9.8,CRITICAL,0.0008900000248104334,false,,false,false,false,,,false,false,,2024-06-25T04:00:30.307Z,0
CVE-2023-7031,https://securityvulnerability.io/vulnerability/CVE-2023-7031,Avaya Experience Portal Manager Insecure Direct Object Reference Vulnerabilities,"Insecure Direct Object Reference vulnerabilities were discovered in the Avaya Aura Experience Portal Manager which may allow partial information disclosure to an authenticated non-privileged user. Affected versions include 8.0.x and 8.1.x, prior to 8.1.2 patch 0402. Versions prior to 8.0 are end of manufacturer support.",Avaya,Experience Portal Manager,4.3,MEDIUM,0.0005300000193528831,false,,false,false,false,,,false,false,,2024-01-17T18:34:41.831Z,0
CVE-2023-3722,https://securityvulnerability.io/vulnerability/CVE-2023-3722,Avaya Aura Device Services Remote Code Execution,An OS command injection vulnerability has been identified in the Avaya Aura Device Services Web application. This flaw could potentially allow an attacker to execute arbitrary commands on the server by exploiting a maliciously crafted file upload. Affected users of Avaya Aura Device Services version 8.1.4.0 and earlier are urged to take immediate action to secure their systems against possible exploitation.,Avaya,Aura Device Services,8.6,HIGH,0.0030300000216811895,false,,false,false,true,2024-11-20T04:40:41.000Z,true,false,false,,2023-07-19T20:15:00.000Z,0
CVE-2023-3527,https://securityvulnerability.io/vulnerability/CVE-2023-3527,Avaya Call Management System CSV injection vulnerability,"A CSV injection vulnerability was found in the Avaya Call Management System (CMS) Supervisor web application which allows a user with administrative privileges to input crafted data which, when exported to a CSV file, may attempt arbitrary command execution on the system used to open the file by a spreadsheet software such as Microsoft Excel.",Avaya,Avaya Call Management System,6.8,MEDIUM,0.001019999966956675,false,,false,false,false,,,false,false,,2023-07-18T22:15:00.000Z,0
CVE-2023-31187,https://securityvulnerability.io/vulnerability/CVE-2023-31187,"Avaya IX Workforce Engagement - CWE-522: Insufficiently Protected Credentials",Avaya IX Workforce Engagement v15.2.7.1195 - CWE-522: Insufficiently Protected Credentials,Avaya,IX Workforce Engagement,6.5,MEDIUM,0.0005699999746866524,false,,false,false,false,,,false,false,,2023-05-30T00:00:00.000Z,0
CVE-2023-32218,https://securityvulnerability.io/vulnerability/CVE-2023-32218,"Avaya IX Workforce Engagement - CWE-601: URL Redirection to Untrusted Site ('Open Redirect')",Avaya IX Workforce Engagement v15.2.7.1195 - CWE-601: URL Redirection to Untrusted Site ('Open Redirect'),Avaya,IX Workforce Engagement,6.1,MEDIUM,0.0005200000014156103,false,,false,false,false,,,false,false,,2023-05-30T00:00:00.000Z,0
CVE-2023-31186,https://securityvulnerability.io/vulnerability/CVE-2023-31186,Avaya IX Workforce Engagement - User Enumeration - CWE-204: Observable Response Discrepancy,Avaya IX Workforce Engagement v15.2.7.1195 - User Enumeration - Observable Response Discrepancy,Avaya,IX Workforce Engagement,5.3,MEDIUM,0.0005200000014156103,false,,false,false,false,,,false,false,,2023-05-30T00:00:00.000Z,0
CVE-2022-38168,https://securityvulnerability.io/vulnerability/CVE-2022-38168,Access Control Flaw in Avaya Scopia Pathfinder Affects User Authentication,"An access control vulnerability in Avaya Scopia Pathfinder allows remote unauthenticated attackers to bypass the login page. By modifying URLs, attackers can gain unauthorized access to sensitive user information and perform actions such as resetting user passwords. This vulnerability can pose significant risks to the integrity and confidentiality of user accounts.",Avaya,Scopia Pathfinder 10 Pts Firmware,9.1,CRITICAL,0.004509999882429838,false,,false,false,false,,,false,false,,2022-11-03T00:00:00.000Z,0
CVE-2022-2249,https://securityvulnerability.io/vulnerability/CVE-2022-2249,Avaya Aura Communication Manager Privilege Escalation Vulnerabilities,Privilege escalation related vulnerabilities were discovered in Avaya Aura Communication Manager that may allow local administrative users to escalate their privileges. This issue affects Communication Manager versions 8.0.0.0 through 8.1.3.3 and 10.1.0.0.,Avaya,Avaya Aura Communication Manager,7.7,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2022-10-12T00:00:00.000Z,0
CVE-2022-2975,https://securityvulnerability.io/vulnerability/CVE-2022-2975,Avaya Aura Application Enablement Services weak permissions in web application,"A vulnerability related to weak permissions was detected in Avaya Aura Application Enablement Services web application, allowing an administrative user to modify accounts leading to execution of arbitrary code as the root user. This issue affects Application Enablement Services versions 8.0.0.0 through 8.1.3.4 and 10.1.0.0 through 10.1.0.1. Versions prior to 8.0.0.0 are end of manufacturing support and were not evaluated.",Avaya,Avaya Aura Application Enablement Services,7.7,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2022-10-06T00:00:00.000Z,0
CVE-2021-25657,https://securityvulnerability.io/vulnerability/CVE-2021-25657,Avaya IP Office Privilege Escalation Vulnerability,A privilege escalation vulnerability was discovered in Avaya IP Office Admin Lite and USB Creator that may potentially allow a local user to escalate privileges. This issue affects Admin Lite and USB Creator 11.1 Feature Pack 2 Service Pack 1 and earlier versions.,Avaya,Ip Office,7.8,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2022-09-02T01:05:08.000Z,0
CVE-2021-25654,https://securityvulnerability.io/vulnerability/CVE-2021-25654,Avaya Aura Device Services Arbitrary Code Execution Vulnerability,An arbitrary code execution vulnerability was discovered in Avaya Aura Device Services that may potentially allow a local user to execute specially crafted scripts. Affects 7.0 through 8.1.4.0 versions of Avaya Aura Device Services.,Avaya,Avaya Aura Devices Services,6.2,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2021-06-25T20:15:12.000Z,0
CVE-2021-25656,https://securityvulnerability.io/vulnerability/CVE-2021-25656,Avaya Aura Experience Portal XSS vulnerabilities,Stored XSS injection vulnerabilities were discovered in the Avaya Aura Experience Portal Web management which could allow an authenticated user to potentially disclose sensitive information. Affected versions include 7.0 through 7.2.3 (without hotfix) and 8.0.0 (without hotfix).,Avaya,Product,5.3,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2021-06-24T08:55:32.000Z,0
CVE-2021-25655,https://securityvulnerability.io/vulnerability/CVE-2021-25655,URL redirection to untrusted site possible in Avaya Aura Experience Portal,A vulnerability in the system Service Menu component of Avaya Aura Experience Portal may allow URL Redirection to any untrusted site through a crafted attack. Affected versions include 7.0 through 7.2.3 (without hotfix) and 8.0.0 (without hotfix).,Avaya,Avaya Experience Portal,4.4,MEDIUM,0.0007800000021234155,false,,false,false,false,,,false,false,,2021-06-24T08:55:31.000Z,0
CVE-2021-25653,https://securityvulnerability.io/vulnerability/CVE-2021-25653,Avaya Aura Appliance Virtualization Platform Utilities Privilege Escalation Vulnerability,A privilege escalation vulnerability was discovered in Avaya Aura Appliance Virtualization Platform Utilities (AVPU) that may potentially allow a local user to escalate privileges. Affects 8.0.0.0 through 8.1.3.1 versions of AVPU.,Avaya,Avaya Aura Appliance Virtualization Platform Utilities,8,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2021-06-24T08:55:29.000Z,0
CVE-2021-25652,https://securityvulnerability.io/vulnerability/CVE-2021-25652,Avaya Aura Appliance Virtualization Platform Utilities Sensitive Information Disclosure Vulnerability,An information disclosure vulnerability was discovered in the directory and file management of Avaya Aura Appliance Virtualization Platform Utilities (AVPU). This vulnerability may potentially allow any local user to access system functionality and configuration information that should only be available to a privileged user. Affects versions 8.0.0.0 through 8.1.3.1 of AVPU.,Avaya,Avaya Aura Appliance Virtualization Platform Utilities,4.9,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2021-06-24T08:55:28.000Z,0
CVE-2021-25651,https://securityvulnerability.io/vulnerability/CVE-2021-25651,Avaya Aura Utility Services Privilege Escalation Vulnerability,A privilege escalation vulnerability was discovered in Avaya Aura Utility Services that may potentially allow a local user to escalate privileges. Affects all 7.x versions of Avaya Aura Utility Services,Avaya,Avaya Aura Utility Services,7.8,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2021-06-24T08:55:26.000Z,0
CVE-2021-25650,https://securityvulnerability.io/vulnerability/CVE-2021-25650,Avaya Aura Utility Services Privilege Escalation Vulnerability,A privilege escalation vulnerability was discovered in Avaya Aura Utility Services that may potentially allow a local user to execute specially crafted scripts as a privileged user. Affects all 7.x versions of Avaya Aura Utility Services,Avaya,Avaya Aura Utility Services,8.8,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2021-06-24T08:55:25.000Z,0
CVE-2021-25649,https://securityvulnerability.io/vulnerability/CVE-2021-25649,Avaya Utility Services Sensitive Information Disclosure Vulnerability,An information disclosure vulnerability was discovered in the directory and file management of Avaya Aura Utility Services. This vulnerability may potentially allow any local user to access system functionality and configuration information that should only be available to a privileged user. Affects all 7.x versions of Avaya Aura Utility Services,Avaya,Avaya Aura Utility Services,5.5,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2021-06-24T08:55:23.000Z,0
CVE-2020-7037,https://securityvulnerability.io/vulnerability/CVE-2020-7037,Avaya Equinox Conferencing XXE vulnerability,"An XML External Entities (XXE) vulnerability in Media Server component of Avaya Equinox Conferencing could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system or even potentially lead to a denial of service. The affected versions of Avaya Equinox Conferencing includes all 9.x versions before 9.1.11. Equinox Conferencing is now offered as Avaya Meetings Server.",Avaya,Avaya Meetings Server,8.1,HIGH,0.002099999925121665,false,,false,false,false,,,false,false,,2021-04-28T00:00:00.000Z,0