Lucene search

AvayaCVELIST:CVE-2019-7005

HistoryAug 07, 2020 - 9:20 p.m.

CVE-2019-7005 Unauthenticated Information Disclosure Vulnerability in IP Office

2020-08-0721:20:12

CWE-200

avaya

www.cve.org

vulnerability

information disclosure

ip office

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.004

Percentile

73.4%

JSON

A vulnerability was discovered in the web interface component of IP Office that may potentially allow a remote, unauthenticated user with network access to gain sensitive information. Affected versions of IP Office include: 9.x, 10.0 through 10.1.0.7 and 11.0 through 11.0.4.2.

CNA Affected

[
  {
    "product": "IP Office",
    "vendor": "Avaya",
    "versions": [
      {
        "lessThanOrEqual": "10.1.0.7",
        "status": "affected",
        "version": "10.0",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "11.0.4.2",
        "status": "affected",
        "version": "11.0",
        "versionType": "custom"
      }
    ]
  }
]

References

downloads.avaya.com/css/P8/documents/101070158

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.004

Percentile

73.4%

JSON

Related for CVELIST:CVE-2019-7005