CVE-2019-7000
Summary
| CVE | CVE-2019-7000 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2019-07-31 22:15:00 UTC |
| Updated | 2023-01-31 21:05:00 UTC |
| Description | A Cross-Site Scripting (XSS) vulnerability in the Web UI of Avaya Aura Conferencing may allow code execution and potentially disclose sensitive information. Affected versions of Avaya Aura Conferencing include all 8.x versions prior to 8.0 SP14 (8.0.14). Prior versions not listed were not evaluated. |
Risk And Classification
Problem Types: CWE-79
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Avaya | Aura Conferencing | 8.0 | - | All | All |
| Application | Avaya | Aura Conferencing | 8.0 | sp10 | All | All |
| Application | Avaya | Aura Conferencing | 8.0 | sp11 | All | All |
| Application | Avaya | Aura Conferencing | 8.0 | sp12 | All | All |
| Application | Avaya | Aura Conferencing | 8.0 | sp13 | All | All |
| Application | Avaya | Aura Conferencing | 8.0 | sp2 | All | All |
| Application | Avaya | Aura Conferencing | 8.0 | sp4 | All | All |
| Application | Avaya | Aura Conferencing | 8.0 | sp5 | All | All |
| Application | Avaya | Aura Conferencing | 8.0 | sp7 | All | All |
| Application | Avaya | Aura Conferencing | 8.0 | sp8 | All | All |
| Application | Avaya | Aura Conferencing | 8.0 | - | All | All |
| Application | Avaya | Aura Conferencing | 8.0 | sp10 | All | All |
| Application | Avaya | Aura Conferencing | 8.0 | sp11 | All | All |
| Application | Avaya | Aura Conferencing | 8.0 | sp12 | All | All |
| Application | Avaya | Aura Conferencing | 8.0 | sp13 | All | All |
| Application | Avaya | Aura Conferencing | 8.0 | sp2 | All | All |
| Application | Avaya | Aura Conferencing | 8.0 | sp4 | All | All |
| Application | Avaya | Aura Conferencing | 8.0 | sp5 | All | All |
| Application | Avaya | Aura Conferencing | 8.0 | sp7 | All | All |
| Application | Avaya | Aura Conferencing | 8.0 | sp8 | All | All |
| Application | Avaya | Aura Conferencing | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| ASA-2019-134 | CONFIRM | downloads.avaya.com | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.