Lucene search

[email protected]CVE-2019-7004

HistoryDec 12, 2019 - 12:15 a.m.

CVE-2019-7004

2019-12-1200:15:11

CWE-79

[email protected]

web.nvd.nist.gov

127

cve-2019-7004

cross-site scripting

xss

ip office application server

unauthorized code execution

sensitive information disclosure

nvd

security vulnerability

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

0.002 Low

EPSS

Percentile

64.7%

JSON

A Cross-Site Scripting (XSS) vulnerability in the WebUI component of IP Office Application Server could allow unauthorized code execution and potentially disclose sensitive information. All product versions 11.x are affected. Product versions prior to 11.0, including unsupported versions, were not evaluated.

Affected configurations

NVD

Node

avayaip_office_application_serverRange11.0–11.0.4.0

CPENameOperatorVersion
avaya:ip_office_application_serveravaya ip office application serverle11.0.4.0

CPE	Name	Operator	Version
avaya:ip_office_application_server	avaya ip office application server	le	11.0.4.0

CNA Affected

[
  {
    "product": "IP Office Application Server ",
    "vendor": "Avaya",
    "versions": [
      {
        "lessThanOrEqual": "11.0 FP4 SP1",
        "status": "affected",
        "version": "11.x",
        "versionType": "custom"
      }
    ]
  }
]