Known Vulnerabilities for products from Avaya
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Avaya".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Additional devices specifications by Avaya can be found at device.report : Avaya
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2021-25657 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.8 - HIGH | 2022-09-02 | 2022-09-07 |
| CVE-2021-25656 | Stored XSS injection vulnerabilities were discovered in the Avaya Aura Experience Portal Web management which could allow an ... | 5.4 - MEDIUM | 2021-06-24 | 2021-06-30 |
| CVE-2021-25655 | A vulnerability in the system Service Menu component of Avaya Aura Experience Portal may allow URL Redirection to any untrust... | 6.1 - MEDIUM | 2021-06-24 | 2021-06-30 |
| CVE-2021-25654 | An arbitrary code execution vulnerability was discovered in Avaya Aura Device Services that may potentially allow a local use... | 7.8 - HIGH | 2021-06-25 | 2022-08-01 |
| CVE-2021-25653 | A privilege escalation vulnerability was discovered in Avaya Aura Appliance Virtualization Platform Utilities (AVPU) that may... | 7.8 - HIGH | 2021-06-24 | 2022-04-26 |
| CVE-2021-25652 | An information disclosure vulnerability was discovered in the directory and file management of Avaya Aura Appliance Virtualiz... | 5.5 - MEDIUM | 2021-06-24 | 2023-11-07 |
| CVE-2021-25651 | ** UNSUPPORTED WHEN ASSIGNED ** A privilege escalation vulnerability was discovered in Avaya Aura Utility Services that may p... | 7.8 - HIGH | 2021-06-24 | 2023-11-07 |
| CVE-2021-25650 | ** UNSUPPORTED WHEN ASSIGNED ** A privilege escalation vulnerability was discovered in Avaya Aura Utility Services that may p... | 8.8 - HIGH | 2021-06-24 | 2023-11-07 |
| CVE-2021-25649 | ** UNSUPPORTED WHEN ASSIGNED ** An information disclosure vulnerability was discovered in the directory and file management o... | 5.5 - MEDIUM | 2021-06-24 | 2023-11-07 |
| CVE-2020-7038 | A vulnerability was discovered in Management component of Avaya Equinox Conferencing that could potentially allow an unauthen... | 7.5 - HIGH | 2021-04-28 | 2023-11-07 |
| CVE-2020-7037 | An XML External Entities (XXE) vulnerability in Media Server component of Avaya Equinox Conferencing could allow an authentic... | 8.1 - HIGH | 2021-04-28 | 2021-05-07 |
| CVE-2020-7036 | An XML External Entities (XXE)vulnerability in Callback Assist could allow an authenticated, remote attacker to gain read acc... | 6.5 - MEDIUM | 2021-04-23 | 2021-04-30 |
| CVE-2020-7035 | An XML External Entities (XXE)vulnerability in the web-based user interface of Avaya Aura Orchestration Designer could allow ... | 6.5 - MEDIUM | 2021-04-23 | 2021-04-30 |
| CVE-2020-7034 | A command injection vulnerability in Avaya Session Border Controller for Enterprise could allow an authenticated, remote atta... | 8.8 - HIGH | 2021-04-23 | 2022-08-05 |
| CVE-2020-7033 | A Cross Site Scripting (XSS) Vulnerability on the Unified Portal Client (web client) used in Avaya Equinox Conferencing can a... | 5.4 - MEDIUM | 2020-11-13 | 2020-11-29 |
| CVE-2020-7032 | An XML external entity (XXE) vulnerability in Avaya WebLM admin interface allows authenticated users to read arbitrary files ... | 6.5 - MEDIUM | 2020-11-13 | 2022-10-19 |
| CVE-2020-7030 | A sensitive information disclosure vulnerability was discovered in the web interface component of IP Office that may potentia... | 5.5 - MEDIUM | 2020-06-04 | 2020-06-09 |
| CVE-2020-7029 | A Cross-Site Request Forgery (CSRF) vulnerability was discovered in the System Management Interface Web component of Avaya Au... | 8.8 - HIGH | 2020-08-11 | 2020-08-17 |
| CVE-2019-7007 | A directory traversal vulnerability has been found in the Avaya Equinox Management(iView)versions R9.1.9.0 and earlier. Succe... | 8.6 - HIGH | 2020-02-28 | 2020-03-06 |
| CVE-2019-7006 | Avaya one-X Communicator uses weak cryptographic algorithms in the client authentication component that could allow a local a... | 5.5 - MEDIUM | 2019-02-27 | 2022-01-01 |
Known software with vulnerabilities from Avaya
| Type | Vendor | Product | Version |
|---|---|---|---|
| Hardware | Avaya | 4602sw Ip Phone | - |
| Hardware | Avaya | Ag250 | 2.0 |
| Application | Avaya | Agent Access | - |
| Application | Avaya | Argent Office | - |
| Application | Avaya | Aura | 7.0.0.0 |
| Application | Avaya | Aura Application Enablement Services | - |
| Application | Avaya | Aura Application Server 5300 | 1.0 |
| Application | Avaya | Aura Communication Manager | - |
| Application | Avaya | Aura Communication Manager Messaging | 7.0 |
| Application | Avaya | Aura Conferencing | - |
| Application | Avaya | Aura Conferencing Standard Edition | 6.0.0 |
| Application | Avaya | Aura Experience Portal | - |
| Application | Avaya | Aura Messaging | 6.3 |
| Application | Avaya | Aura Orchestration Designer | 6.0 |
| Application | Avaya | Aura Presence Services | 6.0 |
| Application | Avaya | Aura Session Manager | - |
| Application | Avaya | Aura System Manager | - |
| Application | Avaya | Aura System Platform | 1.1 |
| Application | Avaya | Aura Utility Services | - |
| Application | Avaya | Aura Voice Portal | 5.0 |