CVE-2020-7036
Summary
| CVE | CVE-2020-7036 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-04-23 21:15:00 UTC |
| Updated | 2021-04-30 16:51:00 UTC |
| Description | An XML External Entities (XXE)vulnerability in Callback Assist could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system. The affected versions of Callback Assist includes all 4.0.x versions before 4.7.1.1 Patch 7. |
Risk And Classification
Problem Types: CWE-611
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Avaya | Callback Assist | All | All | All | All |
| Application | Avaya | Callback Assist | 4.7.1.1 | - | All | All |
| Application | Avaya | Callback Assist | 4.7.1.1 | patch1 | All | All |
| Application | Avaya | Callback Assist | 4.7.1.1 | patch2 | All | All |
| Application | Avaya | Callback Assist | 4.7.1.1 | patch3 | All | All |
| Application | Avaya | Callback Assist | 4.7.1.1 | patch4 | All | All |
| Application | Avaya | Callback Assist | 4.7.1.1 | patch5 | All | All |
| Application | Avaya | Callback Assist | 4.7.1.1 | patch6 | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| ASA-2021-030 | CONFIRM | downloads.avaya.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.