Описание
An XML External Entities (XXE)vulnerability in the web-based user interface of Avaya Aura Orchestration Designer could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system. The affected versions of Orchestration Designer includes all 7.x versions before 7.2.3.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 7.0 (включая) до 7.2.2 (включая)
cpe:2.3:a:avaya:aura_orchestration_designer:*:*:*:*:*:*:*:*
EPSS
Процентиль: 55%
0.00324
Низкий
8.1 High
CVSS3
6.5 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-611
CWE-611
Связанные уязвимости
CVSS3: 6.5
github
больше 3 лет назад
An XML External Entities (XXE)vulnerability in the web-based user interface of Avaya Aura Orchestration Designer could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system. The affected versions of Orchestration Designer includes all 7.x versions before 7.2.3.
EPSS
Процентиль: 55%
0.00324
Низкий
8.1 High
CVSS3
6.5 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-611
CWE-611