Known Vulnerabilities for products from Avaya
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Avaya".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Additional devices specifications by Avaya can be found at device.report : Avaya
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2023-32218 json | Avaya IX Workforce Engagement v15.2.7.1195 - CWE-601: URL Redirection to Untrusted Site ('Open Redirect') | 6.1 - MEDIUM | 2023-05-30 | 2023-06-02 |
| CVE-2023-31187 json | Avaya IX Workforce Engagement v15.2.7.1195 - CWE-522: Insufficiently Protected Credentials | 6.5 - MEDIUM | 2023-05-30 | 2023-06-02 |
| CVE-2023-31186 json | Avaya IX Workforce Engagement v15.2.7.1195 - User Enumeration - Observable Response Discrepancy | 5.3 - MEDIUM | 2023-05-30 | 2023-06-02 |
| CVE-2023-7031 json | Avaya IX Workforce Engagement v15.2.7.1195 - User Enumeration - Observable Response Discrepancy | 4.3 - MEDIUM | 2024-01-17 | 2024-01-25 |
| CVE-2023-3722 json | An OS command injection vulnerability was found in the Avaya Aura Device Services Web application which could allow remote co... | 9.8 - CRITICAL | 2023-07-19 | 2023-07-28 |
| CVE-2023-3527 json | A CSV injection vulnerability was found in the Avaya Call Management System (CMS) Supervisor web application which allows a ... | 6.8 - MEDIUM | 2023-07-18 | 2023-07-28 |
| CVE-2022-38168 json | ** UNSUPPPORTED WHEN ASSIGNED **Broken Access Control in User Authentication in Avaya Scopia Pathfinder 10 and 20 PTS version... | 9.1 - CRITICAL | 2022-11-03 | 2023-11-07 |
| CVE-2022-2975 json | A vulnerability related to weak permissions was detected in Avaya Aura Application Enablement Services web application, allow... | 6.7 - MEDIUM | 2022-10-06 | 2022-12-02 |
| CVE-2022-2249 json | Privilege escalation related vulnerabilities were discovered in Avaya Aura Communication Manager that may allow local adminis... | 6.7 - MEDIUM | 2022-10-12 | 2022-10-14 |
| CVE-2021-25657 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.8 - HIGH | 2022-09-02 | 2022-09-07 |
| CVE-2021-25656 json | Stored XSS injection vulnerabilities were discovered in the Avaya Aura Experience Portal Web management which could allow an ... | 5.4 - MEDIUM | 2021-06-24 | 2021-06-30 |
| CVE-2021-25655 json | A vulnerability in the system Service Menu component of Avaya Aura Experience Portal may allow URL Redirection to any untrust... | 6.1 - MEDIUM | 2021-06-24 | 2021-06-30 |
| CVE-2021-25654 json | An arbitrary code execution vulnerability was discovered in Avaya Aura Device Services that may potentially allow a local use... | 7.8 - HIGH | 2021-06-25 | 2022-08-01 |
| CVE-2021-25653 json | A privilege escalation vulnerability was discovered in Avaya Aura Appliance Virtualization Platform Utilities (AVPU) that may... | 7.8 - HIGH | 2021-06-24 | 2022-04-26 |
| CVE-2021-25652 json | An information disclosure vulnerability was discovered in the directory and file management of Avaya Aura Appliance Virtualiz... | 5.5 - MEDIUM | 2021-06-24 | 2023-11-07 |
| CVE-2021-25651 json | ** UNSUPPORTED WHEN ASSIGNED ** A privilege escalation vulnerability was discovered in Avaya Aura Utility Services that may p... | 7.8 - HIGH | 2021-06-24 | 2023-11-07 |
| CVE-2021-25650 json | ** UNSUPPORTED WHEN ASSIGNED ** A privilege escalation vulnerability was discovered in Avaya Aura Utility Services that may p... | 8.8 - HIGH | 2021-06-24 | 2023-11-07 |
| CVE-2021-25649 json | ** UNSUPPORTED WHEN ASSIGNED ** An information disclosure vulnerability was discovered in the directory and file management o... | 5.5 - MEDIUM | 2021-06-24 | 2023-11-07 |
| CVE-2020-7038 json | A vulnerability was discovered in Management component of Avaya Equinox Conferencing that could potentially allow an unauthen... | 7.5 - HIGH | 2021-04-28 | 2023-11-07 |
| CVE-2020-7037 json | An XML External Entities (XXE) vulnerability in Media Server component of Avaya Equinox Conferencing could allow an authentic... | 8.1 - HIGH | 2021-04-28 | 2021-05-07 |
Known software with vulnerabilities from Avaya
| Type | Vendor | Product | Version |
|---|---|---|---|
| Hardware | Avaya | 4602sw Ip Phone | - |
| Hardware | Avaya | Ag250 | 2.0 |
| Application | Avaya | Agent Access | - |
| Application | Avaya | Argent Office | - |
| Application | Avaya | Aura | 7.0.0.0 |
| Application | Avaya | Aura Application Enablement Services | - |
| Application | Avaya | Aura Application Server 5300 | 1.0 |
| Application | Avaya | Aura Communication Manager | - |
| Application | Avaya | Aura Communication Manager Messaging | 7.0 |
| Application | Avaya | Aura Conferencing | - |
| Application | Avaya | Aura Conferencing Standard Edition | 6.0.0 |
| Application | Avaya | Aura Experience Portal | - |
| Application | Avaya | Aura Messaging | 6.3 |
| Application | Avaya | Aura Orchestration Designer | 6.0 |
| Application | Avaya | Aura Presence Services | 6.0 |
| Application | Avaya | Aura Session Manager | - |
| Application | Avaya | Aura System Manager | - |
| Application | Avaya | Aura System Platform | 1.1 |
| Application | Avaya | Aura Utility Services | - |
| Application | Avaya | Aura Voice Portal | 5.0 |