CVE-2011-3008

Опубликовано: 05 авг. 2011

Источник: nvd

CVSS2: 5

EPSS Низкий

Описание

The default configuration of Avaya Secure Access Link (SAL) Gateway 1.5, 1.8, and 2.0 contains certain domain names in the Secondary Core Server URL and Secondary Remote Server URL fields, which allows remote attackers to obtain sensitive information by leveraging administrative access to these domain names, as demonstrated by alarm and log information.

Ссылки

http://support.avaya.com/css/P8/documents/100140483
Vendor Advisory
http://www.kb.cert.org/vuls/id/690315
US Government Resource
http://www.securityfocus.com/bid/48942
https://exchange.xforce.ibmcloud.com/vulnerabilities/68922
http://support.avaya.com/css/P8/documents/100140483
Vendor Advisory
http://www.kb.cert.org/vuls/id/690315
US Government Resource
http://www.securityfocus.com/bid/48942
https://exchange.xforce.ibmcloud.com/vulnerabilities/68922

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:avaya:secure_access_link_gateway:1.5:*:*:*:*:*:*:*

cpe:2.3:a:avaya:secure_access_link_gateway:1.8:*:*:*:*:*:*:*

cpe:2.3:a:avaya:secure_access_link_gateway:2.0:*:*:*:*:*:*:*

EPSS

Процентиль: 68%

0.00584

Низкий

5 Medium

CVSS2

Дефекты

CWE-16

Связанные уязвимости

GHSA-272x-wj83-g7hx

github

больше 3 лет назад