History: Apr 10, 2009 - 10:00 p.m.

CVE-2008-6707

2009-04-10 22:00:00
CWE-287
web.nvd.nist.gov

AI Score: 6.8 Medium (Confidence: Low)

CVSS2: 6.4 Medium
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE

EPSS: 0.006 Low (Percentile: 77.5%)

The Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, does not perform authentication for certain functionality, which allows remote attackers to obtain sensitive information and access restricted functionality via (1) the certificate installation utility, (2) unspecified scripts in the objects folder, (3) an “unnecessary default application,” (4) unspecified scripts in the states folder, (5) an unspecified “default application” that lists server configuration, and (6) “full system help.”

Affected configurations

NVD node (both groups must match):

avaya sip_enablement_services: 3.0 OR 3.1 OR 3.1.1 OR 4.0
AND
avaya communication_manager: 3.1 OR 3.1.1 OR 3.1.2 OR 3.1.3 OR 3.1.4 OR 3.1.4sp1 OR 3.1.4sp2 OR 3.1.5 OR 3.1.5sp0
