Avaya · Avaya Aura Application Enablement Services · CVE-2022-2975
**Name of the Vulnerable Software and Affected Versions**
Avaya Aura Application Enablement Services versions 8.0.0.0 through 8.1.3.4
Avaya Aura Application Enablement Services versions 10.1.0.0 through 10.1.0.1
**Description**
A weak-permissions vulnerability was detected in the Avaya Aura Application Enablement Services web application. It allows an administrative user to modify accounts, which leads to the execution of arbitrary code as the root user.
**Recommendations**
For versions 8.0.0.0 through 8.1.3.4, update to a version outside of this range to mitigate the risk.
For versions 10.1.0.0 through 10.1.0.1, update to a version outside of this range to mitigate the risk.
Because exploitation requires an administrative user, consider restricting administrative access to the web application as a temporary workaround until a patch is available.