Lucene search
K
AvayaIp Office

9 matches found

CVE
CVE
added 2020/06/03 11:45 p.m.167 views

CVE-2020-7030

Avaya IP Office web interface is affected by CVE-2020-7030. Affected: IP Office components 9.x, 10.0–10.1.0.7, and 11.0–11.0.4.3. The vulnerability is a sensitive information disclosure due to issues in the web interface, with exploitation demonstrated via insecure transit/password disclosure (no...

5.5CVSS5.3AI score0.01EPSS
Web
CVE
CVE
added 2019/11/15 3:44 p.m.163 views

CVE-2016-5285

CVE-2016-5285 is a NULL pointer dereference in Mozilla NSS caused by a missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime. The vulnerability can allow a remote attacker to crash a TLS/SSL server (Denial of Service). Affected context in the provided documents includes NS...

7.5CVSS7.2AI score0.02279EPSS
CVE
CVE
added 2024/06/25 4:0 a.m.105 views

CVE-2024-4196

CVE-2024-4196 – Avaya IP Office Web Control RPC/RCE issue. The vulnerability stems from improper input validation in the Web Control component of Avaya IP Office, enabling remote code execution via a crafted web request. Affected products: Avaya IP Office (Web Control) prior to version 11.1.3.1. ...

10CVSS9.7AI score0.00587EPSS
CVE
CVE
added 2022/09/02 1:5 a.m.79 views

CVE-2021-25657

CVE-2021-25657 describes a local privilege-escalation vulnerability in Avaya IP Office Admin Lite and USB Creator, affecting version 11.1 Feature Pack 2 Service Pack 1 and earlier. The documented impact is that a local user may escalate privileges. The CVSS metrics in the sources flag high impact...

7.8CVSS7.9AI score0.00246EPSS
CVE
CVE
added 2017/11/09 7:0 p.m.68 views

CVE-2017-11309

Summary of CVE-2017-11309 details : The issue is a buffer overflow in the SoftConsole client of Avaya IP Office prior to 10.1.1. A long response from a remote server can trigger the overflow, allowing arbitrary code execution on affected systems. The vulnerability affects the SoftConsole client c...

9.6CVSS9.6AI score0.09404EPSS
CVE
CVE
added 2018/09/12 9:0 p.m.59 views

CVE-2018-15610

CVE-2018-15610 affects Avaya IP Office, specifically the one-X Portal component. An authenticated attacker can read and delete arbitrary files on the system. Affected versions include 9.1 (9.1 SP12) and 10.x (10.0 SP7, 10.1 SP2). The available documentation states the vulnerability and impacted s...

9CVSS7.7AI score0.01845EPSS
CVE
CVE
added 2020/08/07 9:20 p.m.58 views

CVE-2019-7005

The CVE-2019-7005 entry concerns Avaya IP Office Web interface information disclosure. Affected products are IP Office versions 9.x, 10.0–10.1.0.7, and 11.0–11.0.4.2. The vulnerability enables a remote, unauthenticated attacker with network access to obtain sensitive information from the web inte...

7.5CVSS6.7AI score0.01195EPSS
CVE
CVE
added 2019/01/23 5:0 p.m.56 views

CVE-2018-15614

The CVE-2018-15614 entry concerns a stored cross-site scripting (XSS) vulnerability in the one-X Portal component of Avaya IP Office. The issue allows an authenticated user to inject XSS via fields in the Conference Scheduler Service, potentially affecting other application users. Affected versio...

6.8CVSS5.4AI score0.00621EPSS
CVE
CVE
added 2024/06/25 4:1 a.m.56 views

CVE-2024-4197

CVE-2024-4197 (Avaya IP Office One-X Portal) is an unrestricted file upload vulnerability that could enable remote command or code execution. Connected sources confirm affected software: Avaya IP Office prior to version 11.1.3.1, with the One-X component being the entry point. The underlying issu...

9.9CVSS9.8AI score0.00777EPSS