Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
avaya vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-7031
Insecure Direct Object Reference vulnerabilities were discovered in the Avaya Aura Experience Portal Manager which may allow partial information disclosure to an authenticated non-privileged user. Affected versions include 8.0.x and 8.1.x, before 8.1.2 patch 0402. Versions before...
Avaya Aura Experience Portal
NA
CVE-2023-3722
An OS command injection vulnerability was found in the Avaya Aura Device Services Web application which could allow remote code execution as the Web server user via a malicious uploaded file. This issue affects Avaya Aura Device Services version 8.1.4.0 and previous versions.
Avaya Aura Device Services
NA
CVE-2023-3527
A CSV injection vulnerability was found in the Avaya Call Management System (CMS) Supervisor web application which allows a user with administrative privileges to input crafted data which, when exported to a CSV file, may attempt arbitrary command execution on the system used to ...
Avaya Call Management System
NA
CVE-2023-32218
Avaya IX Workforce Engagement v15.2.7.1195 - CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
Avaya Ix Workforce Engagement 15.2.7.1195
NA
CVE-2023-31186
Avaya IX Workforce Engagement v15.2.7.1195 - User Enumeration - Observable Response Discrepancy
Avaya Ix Workforce Engagement 15.2.7.1195
NA
CVE-2023-31187
Avaya IX Workforce Engagement v15.2.7.1195 - CWE-522: Insufficiently Protected Credentials
Avaya Ix Workforce Engagement 15.2.7.1195
NA
CVE-2022-38168
Broken Access Control in User Authentication in Avaya Scopia Pathfinder 10 and 20 PTS version 8.3.7.0.4 allows remote unauthenticated malicious users to bypass the login page, access sensitive information, and reset user passwords via URL modification.
Avaya Scopia Pathfinder 10 Pts Firmware 8.3.7.0.4
Avaya Scopia Pathfinder 20 Pts Firmware 8.3.7.0.4
NA
CVE-2022-2249
Privilege escalation related vulnerabilities were discovered in Avaya Aura Communication Manager that may allow local administrative users to escalate their privileges. This issue affects Communication Manager versions 8.0.0.0 up to and including 8.1.3.3 and 10.1.0.0.
Avaya Aura Communication Manager 10.1.0.0
Avaya Aura Communication Manager
NA
CVE-2022-2975
A vulnerability related to weak permissions was detected in Avaya Aura Application Enablement Services web application, allowing an administrative user to modify accounts leading to execution of arbitrary code as the root user. This issue affects Application Enablement Services v...
Avaya Aura Application Enablement Services
NA
CVE-2021-25657
A privilege escalation vulnerability exists in Avaya IP Office Admin Lite and USB Creator that may potentially allow a local user to escalate privileges. This issue affects Admin Lite and USB Creator 11.1 Feature Pack 2 Service Pack 1 and previous versions versions.
Avaya Ip Office
Avaya Ip Office 11.1
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-26925
CVE-2023-41826
LFI
CVE-2022-22364
CVE-2024-2887
command injection
remote code execution
CVE-2024-34446
CVE-2022-48699
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »