Lucene search

AvayaCVELIST:CVE-2019-7000

HistoryJul 31, 2019 - 12:00 a.m.

CVE-2019-7000 Avaya Aura Conferencing XSS

2019-07-3100:00:00

CWE-79

avaya

www.cve.org

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N

0.001 Low

EPSS

Percentile

38.3%

JSON

A Cross-Site Scripting (XSS) vulnerability in the Web UI of Avaya Aura Conferencing may allow code execution and potentially disclose sensitive information. Affected versions of Avaya Aura Conferencing include all 8.x versions prior to 8.0 SP14 (8.0.14). Prior versions not listed were not evaluated.

CNA Affected

[
  {
    "product": "Avaya Aura Conferencing",
    "vendor": "Avaya",
    "versions": [
      {
        "lessThan": "8.0.14",
        "status": "affected",
        "version": "8.x",
        "versionType": "custom"
      }
    ]
  }
]

References

downloads.avaya.com/css/P8/documents/101060208

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N

0.001 Low

EPSS

Percentile

38.3%

JSON

Related for CVELIST:CVE-2019-7000