Published: 13/11/2020 Updated: 19/10/2022

CVSS v2 Base Score: 5.5 | Impact Score: 4.9 | Exploitability Score: 8

CVSS v3 Base Score: 6.5 | Impact Score: 5.2 | Exploitability Score: 1.2

VMScore: 490

Vector: AV:N/AC:L/Au:S/C:P/I:N/A:P

An XML external entity (XXE) vulnerability in Avaya WebLM admin interface allows authenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request. Affected versions of Avaya WebLM include: 7.0 up to and including 7.1.3.6 and 8.0 up to and including 8.1.2.

Vulnerable Product	Search on Vulmon	Subscribe to Product
avaya aura system manager
avaya weblm

Avaya Web License Manager versions 6x, 70 through 7136, and 80 through 81200 suffer from a blind out-of-band XML external entity injection vulnerability ...

CWE-611 https://downloads.avaya.com/css/P8/documents/101072249 http://seclists.org/fulldisclosure/2020/Nov/31 http://packetstormsecurity.com/files/160123/Avaya-Web-License-Manager-XML-Injection.html https://sec-consult.com/vulnerability-lab/advisory/blind-out-of-band-xml-external-entity-injection-in-avaya-web-license-manager/https://nvd.nist.gov https://packetstormsecurity.com/files/160123/Avaya-Web-License-Manager-XML-Injection.html

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2020-7032

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect