Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
avaya vulnerabilities and exploits
(subscribe to this query)
5.5
CVSSv3
CVE-2006-1058
BusyBox 1.1.1 does not use a salt when generating passwords, which makes it easier for local users to guess passwords from a stolen password file using techniques such as rainbow tables.
Busybox Busybox 1.1.1
Avaya Message Networking
Avaya Aura Sip Enablement Services
Avaya Aura Application Enablement Services 4.01
Avaya Aura Application Enablement Services 4.1
Avaya Messaging Storage Server
5.5
CVSSv3
CVE-2001-1494
script command in the util-linux package prior to 2.11n allows local users to overwrite arbitrary files by setting a hardlink from the typescript log file to any file on the system, then having root execute the script command.
Kernel Util-linux
Avaya Cvlan
Avaya Interactive Response
Avaya Integrated Management Suit
Avaya Intuity Lx
Avaya Message Networking
Avaya Messaging Storage Server
1 Github repository
5.4
CVSSv3
CVE-2021-25656
Stored XSS injection vulnerabilities were discovered in the Avaya Aura Experience Portal Web management which could allow an authenticated user to potentially disclose sensitive information. Affected versions include 7.0 up to and including 7.2.3 (without hotfix) and 8.0.0 (witho...
Avaya Aura Experience Portal
Avaya Aura Experience Portal 8.0.0
5.4
CVSSv3
CVE-2020-7033
A Cross Site Scripting (XSS) Vulnerability on the Unified Portal Client (web client) used in Avaya Equinox Conferencing can allow an authenticated user to perform XSS attacks. The affected versions of Equinox Conferencing includes all 9.x versions prior to 9.1.10.
Avaya Equinox Conferencing
5.4
CVSSv3
CVE-2019-7004
A Cross-Site Scripting (XSS) vulnerability in the WebUI component of IP Office Application Server could allow unauthorized code execution and potentially disclose sensitive information. All product versions 11.x are affected. Product versions before 11.0, including unsupported ve...
Avaya Ip Office Application Server
5.4
CVSSv3
CVE-2018-15614
A vulnerability in the one-x Portal component of IP Office could allow an authenticated user to perform stored cross site scripting attacks via fields in the Conference Scheduler Service that could affect other application users. Affected versions of IP Office include 10.0 up to ...
Avaya Ip Office 10.0
Avaya Ip Office 10.1
Avaya Ip Office 11.0
5.3
CVSSv3
CVE-2023-31186
Avaya IX Workforce Engagement v15.2.7.1195 - User Enumeration - Observable Response Discrepancy
Avaya Ix Workforce Engagement 15.2.7.1195
4.4
CVSSv3
CVE-2018-15615
A vulnerability in the Supervisor component of Avaya Call Management System allows local administrative user to extract sensitive information from users connecting to a remote CMS host. Affected versions of CMS Supervisor include R17.0.x and R18.0.x.
Avaya Call Management System Supervisor 18.0.1.0
Avaya Call Management System Supervisor 18.0.2.0
Avaya Call Management System Supervisor 17.0.0
4.3
CVSSv3
CVE-2023-7031
Insecure Direct Object Reference vulnerabilities were discovered in the Avaya Aura Experience Portal Manager which may allow partial information disclosure to an authenticated non-privileged user. Affected versions include 8.0.x and 8.1.x, before 8.1.2 patch 0402. Versions before...
Avaya Aura Experience Portal
NA
CVE-2022-29860
Critical vulnerabilities found in 'millions of Aruba and Avaya switches'
1 Article
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
cross-site scripting
CVE-2024-5158
XML external entity
CVE-2024-4262
CVE-2024-2036
CVE-2024-4985
CVE-2024-21791
remote attackers
CVE-2023-43208
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »