Source: cvelist (Avaya), CVELIST:CVE-2024-7477
History: Aug 08, 2024 - 4:02 p.m.

CVE-2024-7477 Avaya Aura System Manager SQL injection vulnerability

2024-08-08 16:02:43
CWE-89
avaya
www.cve.org
avaya aura system manager
sql injection
cve-2024-7477
cli user
administrative privileges
database
affected versions.

CVSS3: 6.5

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

EPSS: 0
Percentile: 9.5%

A SQL injection vulnerability was found which could allow a command line interface (CLI) user with administrative privileges to execute arbitrary queries against the Avaya Aura System Manager database.

Affected versions include 10.1.x.x and 10.2.x.x. Versions prior to 10.1 are end of manufacturer support.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Aura System Manager",
    "vendor": "Avaya",
    "versions": [
      {
        "status": "affected",
        "version": "10.1.x.x"
      },
      {
        "status": "affected",
        "version": "10.2.x.x"
      }
    ]
  }
]
