CVE-2019-7003

Name of the Vulnerable Software and Affected Versions Avaya Control Manager versions 7.x and 8.0.x prior to 8.0.4.0

Description A SQL injection issue in the reporting component could allow an unauthenticated attacker to execute arbitrary SQL commands and retrieve sensitive data related to other users on the system.

Recommendations For Avaya Control Manager versions 7.x and 8.0.x prior to 8.0.4.0, update to version 8.0.4.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the reporting component to minimize the risk of exploitation.