Описание
A SQL injection vulnerability in the reporting component of Avaya Control Manager could allow an unauthenticated attacker to execute arbitrary SQL commands and retrieve sensitive data related to other users on the system. Affected versions of Avaya Control Manager include 7.x and 8.0.x versions prior to 8.0.4.0. Unsupported versions not listed here were not evaluated.
Ссылки
- Broken LinkThird Party AdvisoryVDB Entry
- Vendor Advisory
- Release NotesVendor Advisory
- Broken LinkThird Party AdvisoryVDB Entry
- Vendor Advisory
Уязвимые конфигурации
EPSS
9.3 Critical
CVSS3
10 Critical
CVSS3
6.4 Medium
CVSS2
Дефекты
Связанные уязвимости
A SQL injection vulnerability in the reporting component of Avaya Control Manager could allow an unauthenticated attacker to execute arbitrary SQL commands and retrieve sensitive data related to other users on the system. Affected versions of Avaya Control Manager include 7.x and 8.0.x versions prior to 8.0.4.0. Unsupported versions not listed here were not evaluated.
EPSS
9.3 Critical
CVSS3
10 Critical
CVSS3
6.4 Medium
CVSS2