CVE-2018-15615

Опубликовано: 24 сент. 2018

Источник: nvd

CVSS3: 7.2

CVSS3: 4.4

CVSS2: 2.1

EPSS Низкий

Описание

A vulnerability in the Supervisor component of Avaya Call Management System allows local administrative user to extract sensitive information from users connecting to a remote CMS host. Affected versions of CMS Supervisor include R17.0.x and R18.0.x.

Ссылки

http://www.securityfocus.com/bid/105392
Third Party Advisory
VDB Entry
https://downloads.avaya.com/css/P8/documents/101052300
Vendor Advisory
http://www.securityfocus.com/bid/105392
Third Party Advisory
VDB Entry
https://downloads.avaya.com/css/P8/documents/101052300
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:avaya:call_management_system_supervisor:17.0.0:*:*:*:*:*:*:*

cpe:2.3:a:avaya:call_management_system_supervisor:18.0.1.0:*:*:*:*:*:*:*

cpe:2.3:a:avaya:call_management_system_supervisor:18.0.2.0:*:*:*:*:*:*:*

EPSS

Процентиль: 18%

0.00056

Низкий

7.2 High

CVSS3

4.4 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-200

Связанные уязвимости

GHSA-r9wc-jf2x-pw9x

CVSS3: 4.4

github

больше 3 лет назад

EPSS

Процентиль: 18%

0.00056

Низкий

7.2 High

CVSS3

4.4 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-200