Lucene search

AvayaCVE-2019-7000

HistoryJul 31, 2019 - 10:15 p.m.

CVE-2019-7000

2019-07-3122:15:13

CWE-79

avaya

web.nvd.nist.gov

cve-2019-7000

cross-site scripting

xss

avaya aura conferencing

web ui

code execution

information disclosure

vulnerability

nvd

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

38.1%

JSON

A Cross-Site Scripting (XSS) vulnerability in the Web UI of Avaya Aura Conferencing may allow code execution and potentially disclose sensitive information. Affected versions of Avaya Aura Conferencing include all 8.x versions prior to 8.0 SP14 (8.0.14). Prior versions not listed were not evaluated.

Affected configurations

Nvd

Node

avayaaura_conferencingRange≤8.0

avayaaura_conferencingMatch8.0-

avayaaura_conferencingMatch8.0sp10

avayaaura_conferencingMatch8.0sp11

avayaaura_conferencingMatch8.0sp12

avayaaura_conferencingMatch8.0sp13

avayaaura_conferencingMatch8.0sp2

avayaaura_conferencingMatch8.0sp4

avayaaura_conferencingMatch8.0sp5

avayaaura_conferencingMatch8.0sp7

avayaaura_conferencingMatch8.0sp8

VendorProductVersionCPE
avayaaura_conferencing*cpe:2.3:a:avaya:aura_conferencing:*:*:*:*:*:*:*:*
avayaaura_conferencing8.0cpe:2.3:a:avaya:aura_conferencing:8.0:-:*:*:*:*:*:*
avayaaura_conferencing8.0cpe:2.3:a:avaya:aura_conferencing:8.0:sp10:*:*:*:*:*:*
avayaaura_conferencing8.0cpe:2.3:a:avaya:aura_conferencing:8.0:sp11:*:*:*:*:*:*
avayaaura_conferencing8.0cpe:2.3:a:avaya:aura_conferencing:8.0:sp12:*:*:*:*:*:*
avayaaura_conferencing8.0cpe:2.3:a:avaya:aura_conferencing:8.0:sp13:*:*:*:*:*:*
avayaaura_conferencing8.0cpe:2.3:a:avaya:aura_conferencing:8.0:sp2:*:*:*:*:*:*
avayaaura_conferencing8.0cpe:2.3:a:avaya:aura_conferencing:8.0:sp4:*:*:*:*:*:*
avayaaura_conferencing8.0cpe:2.3:a:avaya:aura_conferencing:8.0:sp5:*:*:*:*:*:*
avayaaura_conferencing8.0cpe:2.3:a:avaya:aura_conferencing:8.0:sp7:*:*:*:*:*:*

Vendor	Product	Version	CPE
avaya	aura_conferencing	*	cpe:2.3:a:avaya:aura_conferencing::::::::
avaya	aura_conferencing	8.0	cpe:2.3:a:avaya:aura_conferencing:8.0:-::::::
avaya	aura_conferencing	8.0	cpe:2.3:a:avaya:aura_conferencing:8.0:sp10::::::
avaya	aura_conferencing	8.0	cpe:2.3:a:avaya:aura_conferencing:8.0:sp11::::::
avaya	aura_conferencing	8.0	cpe:2.3:a:avaya:aura_conferencing:8.0:sp12::::::
avaya	aura_conferencing	8.0	cpe:2.3:a:avaya:aura_conferencing:8.0:sp13::::::
avaya	aura_conferencing	8.0	cpe:2.3:a:avaya:aura_conferencing:8.0:sp2::::::
avaya	aura_conferencing	8.0	cpe:2.3:a:avaya:aura_conferencing:8.0:sp4::::::
avaya	aura_conferencing	8.0	cpe:2.3:a:avaya:aura_conferencing:8.0:sp5::::::
avaya	aura_conferencing	8.0	cpe:2.3:a:avaya:aura_conferencing:8.0:sp7::::::

Rows per page:

1-10 of 111

CNA Affected

[
  {
    "product": "Avaya Aura Conferencing",
    "vendor": "Avaya",
    "versions": [
      {
        "lessThan": "8.0.14",
        "status": "affected",
        "version": "8.x",
        "versionType": "custom"
      }
    ]
  }
]

References

downloads.avaya.com/css/P8/documents/101060208

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

38.1%

JSON

Related for CVE-2019-7000