PT-2024-38373 · Avaya · Avaya Aura System Manager
Ben Leonard-Lagarde +1 · Published 2024-08-08 · Updated 2024-09-11 · CVE-2024-7477
CVSS v3.1: 6.7 (Medium)
Vector: AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Avaya Aura System Manager versions 10.1.x.x through 10.2.x.x
Avaya Aura System Manager versions prior to 10.1
Description
A SQL injection issue was discovered, allowing a command line interface user with administrative privileges to execute arbitrary queries against the Avaya Aura System Manager database.
Recommendations
For versions 10.1.x.x through 10.2.x.x, update to a version that includes a fix for this issue.
For versions prior to 10.1, consider upgrading to a supported version to mitigate the risk.
As a temporary workaround, consider restricting administrative access to the command line interface until a patch is available.
Fix
SQL injection
Weakness Enumeration
Related Identifiers
Affected Products
Avaya Aura System Manager