Lucene search

K
cve[email protected]CVE-2008-6706
HistoryApr 10, 2009 - 10:00 p.m.

CVE-2008-6706

2009-04-1022:00:00
web.nvd.nist.gov
17
cve-2008-6706
avaya
sip enablement services
vulnerabilities
remote attack
sensitive information
nvd

7 High

AI Score

Confidence

Low

7.8 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:N/A:N

0.006 Low

EPSS

Percentile

77.5%

Multiple unspecified vulnerabilities in the Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, allow remote attackers to obtain (1) application server configuration, (2) database server configuration including encrypted passwords, (3) a system utility that decrypts “subscriber table passwords,” (4) a system utility that decrypts database passwords, and (5) a system utility that encrypts “subscriber table passwords.”

Affected configurations

NVD
Node
avayasip_enablement_servicesMatch3.0
OR
avayasip_enablement_servicesMatch3.1
OR
avayasip_enablement_servicesMatch3.1.1
OR
avayasip_enablement_servicesMatch4.0
AND
avayacommunication_managerMatch3.1
OR
avayacommunication_managerMatch3.1.1
OR
avayacommunication_managerMatch3.1.2
OR
avayacommunication_managerMatch3.1.3
OR
avayacommunication_managerMatch3.1.4
OR
avayacommunication_managerMatch3.1.4sp1
OR
avayacommunication_managerMatch3.1.4sp2
OR
avayacommunication_managerMatch3.1.5
OR
avayacommunication_managerMatch3.1.5sp0

7 High

AI Score

Confidence

Low

7.8 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:N/A:N

0.006 Low

EPSS

Percentile

77.5%

Related for CVE-2008-6706