PT-2019-18407 · Avaya · Avaya Aura Conferencing

Ammarit Thongthua

Publicado

2019-07-31

Atualizado

2023-01-31

CVE-2019-7000

CVSS v3.1

6.1

Média

Vetor

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Avaya Aura Conferencing versions prior to 8.0 SP14 (8.0.14)

Description A Cross-Site Scripting (XSS) issue in the Web UI of Avaya Aura Conferencing may allow code execution and potentially disclose sensitive information.

Recommendations For Avaya Aura Conferencing versions prior to 8.0 SP14 (8.0.14), update to version 8.0 SP14 (8.0.14) or later to resolve the issue. As a temporary workaround, consider restricting access to the Web UI to minimize the risk of exploitation.

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2019-7000

Produtos afetados

Avaya Aura Conferencing

PT-2019-18407 · Avaya · Avaya Aura Conferencing

CVE-2019-7000

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3