Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for Avaya Aura Application Enablement Services by Avaya

    CVE-2022-2975 (GCVE-0-2022-2975)

    Vulnerability from nvd – Published: 2022-10-06 00:00 – Updated: 2024-08-03 00:52
    VLAI
    Title
    Avaya Aura Application Enablement Services weak permissions in web application
    Summary
    A vulnerability related to weak permissions was detected in Avaya Aura Application Enablement Services web application, allowing an administrative user to modify accounts leading to execution of arbitrary code as the root user. This issue affects Application Enablement Services versions 8.0.0.0 through 8.1.3.4 and 10.1.0.0 through 10.1.0.1. Versions prior to 8.0.0.0 are end of manufacturing support and were not evaluated.
    CWE
    • CWE-269 - Improper Privilege Management
    Assigner
    Impacted products
    Vendor Product Version
    Avaya Avaya Aura Application Enablement Services Affected: 10.1.x , ≤ 10.1.0.1 (custom)
    Affected: 8.x , ≤ 8.1.3.4 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:52:59.830Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://download.avaya.com/css/public/documents/101083688"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Avaya Aura Application Enablement Services",
              "vendor": "Avaya",
              "versions": [
                {
                  "lessThanOrEqual": "10.1.0.1",
                  "status": "affected",
                  "version": "10.1.x",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "8.1.3.4",
                  "status": "affected",
                  "version": "8.x",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability related to weak permissions was detected in Avaya Aura Application Enablement Services web application, allowing an administrative user to modify accounts leading to execution of arbitrary code as the root user. This issue affects Application Enablement Services versions 8.0.0.0 through 8.1.3.4 and 10.1.0.0 through 10.1.0.1. Versions prior to 8.0.0.0 are end of manufacturing support and were not evaluated."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-269",
                  "description": "CWE-269 Improper Privilege Management",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-10-11T00:00:00.000Z",
            "orgId": "9d670455-bdb5-4cca-a883-5914865f5d96",
            "shortName": "avaya"
          },
          "references": [
            {
              "url": "https://download.avaya.com/css/public/documents/101083688"
            }
          ],
          "source": {
            "advisory": "ASA-2022-123",
            "defect": [
              "AES-28952",
              "AES-28953",
              "AES-28954"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Avaya Aura Application Enablement Services weak permissions in web application",
          "x_generator": {
            "engine": "vulnogram 0.1.0-rc1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9d670455-bdb5-4cca-a883-5914865f5d96",
        "assignerShortName": "avaya",
        "cveId": "CVE-2022-2975",
        "datePublished": "2022-10-06T00:00:00.000Z",
        "dateReserved": "2022-08-23T00:00:00.000Z",
        "dateUpdated": "2024-08-03T00:52:59.830Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-2975 (GCVE-0-2022-2975)

    Vulnerability from cvelistv5 – Published: 2022-10-06 00:00 – Updated: 2024-08-03 00:52
    VLAI
    Title
    Avaya Aura Application Enablement Services weak permissions in web application
    Summary
    A vulnerability related to weak permissions was detected in Avaya Aura Application Enablement Services web application, allowing an administrative user to modify accounts leading to execution of arbitrary code as the root user. This issue affects Application Enablement Services versions 8.0.0.0 through 8.1.3.4 and 10.1.0.0 through 10.1.0.1. Versions prior to 8.0.0.0 are end of manufacturing support and were not evaluated.
    CWE
    • CWE-269 - Improper Privilege Management
    Assigner
    Impacted products
    Vendor Product Version
    Avaya Avaya Aura Application Enablement Services Affected: 10.1.x , ≤ 10.1.0.1 (custom)
    Affected: 8.x , ≤ 8.1.3.4 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:52:59.830Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://download.avaya.com/css/public/documents/101083688"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Avaya Aura Application Enablement Services",
              "vendor": "Avaya",
              "versions": [
                {
                  "lessThanOrEqual": "10.1.0.1",
                  "status": "affected",
                  "version": "10.1.x",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "8.1.3.4",
                  "status": "affected",
                  "version": "8.x",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability related to weak permissions was detected in Avaya Aura Application Enablement Services web application, allowing an administrative user to modify accounts leading to execution of arbitrary code as the root user. This issue affects Application Enablement Services versions 8.0.0.0 through 8.1.3.4 and 10.1.0.0 through 10.1.0.1. Versions prior to 8.0.0.0 are end of manufacturing support and were not evaluated."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-269",
                  "description": "CWE-269 Improper Privilege Management",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-10-11T00:00:00.000Z",
            "orgId": "9d670455-bdb5-4cca-a883-5914865f5d96",
            "shortName": "avaya"
          },
          "references": [
            {
              "url": "https://download.avaya.com/css/public/documents/101083688"
            }
          ],
          "source": {
            "advisory": "ASA-2022-123",
            "defect": [
              "AES-28952",
              "AES-28953",
              "AES-28954"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Avaya Aura Application Enablement Services weak permissions in web application",
          "x_generator": {
            "engine": "vulnogram 0.1.0-rc1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9d670455-bdb5-4cca-a883-5914865f5d96",
        "assignerShortName": "avaya",
        "cveId": "CVE-2022-2975",
        "datePublished": "2022-10-06T00:00:00.000Z",
        "dateReserved": "2022-08-23T00:00:00.000Z",
        "dateUpdated": "2024-08-03T00:52:59.830Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }