Tom Farrant

**Name of the Vulnerable Software and Affected Versions** Avaya Aura System Manager versions 10.1.x.x through 10.2.x.x Avaya Aura System Manager versions prior to 10.1 **Description** A SQL injection issue was discovered, allowing a command line interface user with administrative privileges to execute arbitrary queries against the Avaya Aura System Manager database. **Recommendations** For versions 10.1.x.x through 10.2.x.x, update to a version that includes a fix for this issue. For versions prior to 10.1, consider upgrading to a supported version to mitigate the risk. As a temporary workaround, consider restricting administrative access to the command line interface until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Avaya Aura System Manager versions 10.1.x.x through 10.2.x.x **Description** An improper access control issue was found in Avaya Aura System Manager, allowing a command-line interface user with administrative privileges to read arbitrary files on the system. **Recommendations** For versions 10.1.x.x through 10.2.x.x, consider restricting access to sensitive files and directories to minimize the risk of exploitation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.