Avaya · Avaya WebLM · CVE-2020-7032
**Name of the Vulnerable Software and Affected Versions**
Avaya WebLM versions 7.0 through 7.1.3.6
Avaya WebLM versions 8.0 through 8.1.2
**Description**
An XML external entity (XXE) vulnerability in the Avaya WebLM admin interface allows authenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request.
**Recommendations**
For Avaya WebLM versions 7.0 through 7.1.3.6, update to a version later than 7.1.3.6 to resolve the issue.
For Avaya WebLM versions 8.0 through 8.1.2, update to a version later than 8.1.2 to resolve the issue.
As a temporary workaround, consider restricting access to the admin interface to minimize the risk of exploitation.
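
The description above attributes the issue to a crafted DTD in an XML request. The following added example (not Avaya's code and not part of the advisory) flags request bodies that carry a DTD; `screen_xml_body`, `DtdFinding` and the sample bodies are hypothetical, and it assumes a proxy or log pipeline in front of the admin interface that can see request bodies. It parses with expat instead of searching the raw bytes for `<!DOCTYPE`, so a UTF-16 encoded body is still caught, and nothing the DTD references is ever fetched.

```python
import xml.parsers.expat
from dataclasses import dataclass, field


@dataclass
class DtdFinding:
    has_doctype: bool = False      # body contains a <!DOCTYPE ...> declaration
    well_formed: bool = True       # False if expat rejected the body
    external_ids: list = field(default_factory=list)  # SYSTEM/PUBLIC ids declared


def screen_xml_body(body: bytes) -> DtdFinding:
    """Report whether an XML request body carries a DTD, without resolving it."""
    finding = DtdFinding()
    parser = xml.parsers.expat.ParserCreate()

    def on_doctype(name, system_id, public_id, has_internal_subset):
        finding.has_doctype = True
        if system_id or public_id:          # external DTD subset
            finding.external_ids.append(system_id or public_id)

    def on_entity(name, is_param, value, base, system_id, public_id, notation):
        if system_id or public_id:          # externally defined entity
            finding.external_ids.append(system_id or public_id)

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity
    # No ExternalEntityRefHandler is installed, so expat never loads anything.
    try:
        parser.Parse(body, True)
    except xml.parsers.expat.ExpatError:
        finding.well_formed = False
    return finding


# Constructed sample bodies (not taken from any real WebLM request).
CLEAN_BODY = b'<?xml version="1.0"?><r><k>v</k></r>'
DTD_BODY = (b'<?xml version="1.0"?>'
            b'<!DOCTYPE r [<!ENTITY x SYSTEM "http://placeholder.invalid/constructed">]>'
            b'<r/>')
# Same document re-encoded as UTF-16: a byte search for "<!DOCTYPE" misses it.
DTD_BODY_UTF16 = DTD_BODY.decode("ascii").encode("utf-16")

if __name__ == "__main__":
    for label, body in [("clean", CLEAN_BODY), ("dtd", DTD_BODY),
                        ("dtd-utf16", DTD_BODY_UTF16)]:
        print(label, screen_xml_body(body))
```

A request for which `has_doctype` is true can be rejected or logged for review until the update is applied.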