CVE-2008-6573

Name of the Vulnerable Software and Affected Versions Avaya Communication Manager versions 3.x through 5.0

Description The issue allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to profiles in the SIP Personal Information Manager (SPIM) in the web interface. Additionally, remote authenticated users can execute arbitrary SQL commands via vectors related to permissions for SPIM profiles in the web interface and a crafted SIP request to the SIP server.

Recommendations For Avaya Communication Manager versions 3.x through 5.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.