Cross site request forgery (csrf)

2020-08-1123:15:00

PRIOn knowledge base

www.prio-n.com

8.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

36.4%

JSON

A Cross-Site Request Forgery (CSRF) vulnerability was discovered in the System Management Interface Web component of Avaya Aura Communication Manager and Avaya Aura Messaging. This vulnerability could allow an unauthenticated remote attacker to perform Web administration actions with the privileged level of the authenticated user. Affected versions of Communication Manager are 7.0.x, 7.1.x prior to 7.1.3.5 and 8.0.x. Affected versions of Messaging are 7.0.x, 7.1 and 7.1 SP1.

CPENameOperatorVersion
aura_communication_managerge8.0
aura_communication_managerlt8.1.0.0
aura_communication_managerge7.0
aura_communication_managerle7.1.3.4
aura_messagingeq7.1 sp1
aura_messagingeq7.1
aura_messagingge7.0
aura_messaginglt7.1

Name	Operator	Version
aura_communication_manager	ge	8.0
aura_communication_manager	lt	8.1.0.0
aura_communication_manager	ge	7.0
aura_communication_manager	le	7.1.3.4
aura_messaging	eq	7.1 sp1
aura_messaging	eq	7.1
aura_messaging	ge	7.0
aura_messaging	lt	7.1

References

support.avaya.com/css/P8/documents/101070201