exploitDog

CVE-2018-6635

Опубликовано: 05 фев. 2018

Источник: nvd

CVSS3: 7.5

CVSS2: 6

EPSS Низкий

Описание

System Manager in Avaya Aura before 7.1.2 does not properly use SSL in conjunction with authentication, which allows remote attackers to bypass intended Remote Method Invocation (RMI) restrictions, aka SMGR-26896.

Ссылки

http://www.securityfocus.com/bid/102940
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1040329
Third Party Advisory
VDB Entry
https://downloads.avaya.com/css/P8/documents/101038598
Vendor Advisory
http://www.securityfocus.com/bid/102940
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1040329
Third Party Advisory
VDB Entry
https://downloads.avaya.com/css/P8/documents/101038598
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:avaya:aura:*:*:*:*:*:*:*:*

Версия до 7.1.1 (включая)

EPSS

Процентиль: 74%

0.00825

Низкий

7.5 High

CVSS3

6 Medium

CVSS2

Дефекты

CWE-326

Связанные уязвимости

GHSA-w9mx-v85v-3vx9

CVSS3: 7.5

github

больше 3 лет назад

System Manager in Avaya Aura before 7.1.2 does not properly use SSL in conjunction with authentication, which allows remote attackers to bypass intended Remote Method Invocation (RMI) restrictions, aka SMGR-26896.

EPSS

Процентиль: 74%

0.00825

Низкий

7.5 High

CVSS3

6 Medium

CVSS2

Дефекты

CWE-326