Lucene search

AvayaCVELIST:CVE-2019-7003

HistoryJul 09, 2019 - 12:00 a.m.

CVE-2019-7003 ACM SQL Injection

2019-07-0900:00:00

CWE-89

avaya

www.cve.org

9.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N

0.002 Low

EPSS

Percentile

55.9%

JSON

A SQL injection vulnerability in the reporting component of Avaya Control Manager could allow an unauthenticated attacker to execute arbitrary SQL commands and retrieve sensitive data related to other users on the system. Affected versions of Avaya Control Manager include 7.x and 8.0.x versions prior to 8.0.4.0. Unsupported versions not listed here were not evaluated.

CNA Affected

[
  {
    "product": "Avaya Control Manager",
    "vendor": "Avaya",
    "versions": [
      {
        "status": "affected",
        "version": "8.0.x prior to 8.0.4.0"
      },
      {
        "status": "affected",
        "version": "7.x"
      }
    ]
  }
]

References

www.securityfocus.com/bid/109134

downloads.avaya.com/css/P8/documents/101059368

9.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N

0.002 Low

EPSS

Percentile

55.9%

JSON

Related for CVELIST:CVE-2019-7003