9 matches found
CVE-2020-7030
Avaya IP Office web interface is affected by CVE-2020-7030. Affected: IP Office components 9.x, 10.0–10.1.0.7, and 11.0–11.0.4.3. The vulnerability is a sensitive information disclosure due to issues in the web interface, with exploitation demonstrated via insecure transit/password disclosure (no...
CVE-2016-5285
CVE-2016-5285 is a NULL pointer dereference in Mozilla NSS caused by a missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime. The vulnerability can allow a remote attacker to crash a TLS/SSL server (Denial of Service). Affected context in the provided documents includes NS...
CVE-2024-4196
CVE-2024-4196 – Avaya IP Office Web Control RPC/RCE issue. The vulnerability stems from improper input validation in the Web Control component of Avaya IP Office, enabling remote code execution via a crafted web request. Affected products: Avaya IP Office (Web Control) prior to version 11.1.3.1. ...
CVE-2021-25657
CVE-2021-25657 describes a local privilege-escalation vulnerability in Avaya IP Office Admin Lite and USB Creator, affecting version 11.1 Feature Pack 2 Service Pack 1 and earlier. The documented impact is that a local user may escalate privileges. The CVSS metrics in the sources flag high impact...
CVE-2017-11309
Summary of CVE-2017-11309 details : The issue is a buffer overflow in the SoftConsole client of Avaya IP Office prior to 10.1.1. A long response from a remote server can trigger the overflow, allowing arbitrary code execution on affected systems. The vulnerability affects the SoftConsole client c...
CVE-2018-15610
CVE-2018-15610 affects Avaya IP Office, specifically the one-X Portal component. An authenticated attacker can read and delete arbitrary files on the system. Affected versions include 9.1 (9.1 SP12) and 10.x (10.0 SP7, 10.1 SP2). The available documentation states the vulnerability and impacted s...
CVE-2019-7005
The CVE-2019-7005 entry concerns Avaya IP Office Web interface information disclosure. Affected products are IP Office versions 9.x, 10.0–10.1.0.7, and 11.0–11.0.4.2. The vulnerability enables a remote, unauthenticated attacker with network access to obtain sensitive information from the web inte...
CVE-2018-15614
The CVE-2018-15614 entry concerns a stored cross-site scripting (XSS) vulnerability in the one-X Portal component of Avaya IP Office. The issue allows an authenticated user to inject XSS via fields in the Conference Scheduler Service, potentially affecting other application users. Affected versio...
CVE-2024-4197
CVE-2024-4197 (Avaya IP Office One-X Portal) is an unrestricted file upload vulnerability that could enable remote command or code execution. Connected sources confirm affected software: Avaya IP Office prior to version 11.1.3.1, with the One-X component being the entry point. The underlying issu...