Search criteria
2 vulnerabilities found for Avaya Control Manager by Avaya
CVE-2019-7003 (GCVE-0-2019-7003)
Vulnerability from nvd – Published: 2019-07-11 18:37 – Updated: 2024-09-17 00:55
VLAI
Title
ACM SQL Injection
Summary
A SQL injection vulnerability in the reporting component of Avaya Control Manager could allow an unauthenticated attacker to execute arbitrary SQL commands and retrieve sensitive data related to other users on the system. Affected versions of Avaya Control Manager include 7.x and 8.0.x versions prior to 8.0.4.0. Unsupported versions not listed here were not evaluated.
Severity
9.3 (Critical)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://downloads.avaya.com/css/P8/documents/101059368 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/109134 | vdb-entryx_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Avaya | Avaya Control Manager |
Affected:
8.0.x prior to 8.0.4.0
Affected: 7.x |
Date Public
2019-07-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:38:32.979Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://downloads.avaya.com/css/P8/documents/101059368"
},
{
"name": "109134",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/109134"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Avaya Control Manager",
"vendor": "Avaya",
"versions": [
{
"status": "affected",
"version": "8.0.x prior to 8.0.4.0"
},
{
"status": "affected",
"version": "7.x"
}
]
}
],
"datePublic": "2019-07-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A SQL injection vulnerability in the reporting component of Avaya Control Manager could allow an unauthenticated attacker to execute arbitrary SQL commands and retrieve sensitive data related to other users on the system. Affected versions of Avaya Control Manager include 7.x and 8.0.x versions prior to 8.0.4.0. Unsupported versions not listed here were not evaluated."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-12T15:06:09.000Z",
"orgId": "9d670455-bdb5-4cca-a883-5914865f5d96",
"shortName": "avaya"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://downloads.avaya.com/css/P8/documents/101059368"
},
{
"name": "109134",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/109134"
}
],
"source": {
"advisory": "ASA-2019-119"
},
"title": "ACM SQL Injection",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "securityalerts@avaya.com",
"DATE_PUBLIC": "2019-07-09T23:00:00.000Z",
"ID": "CVE-2019-7003",
"STATE": "PUBLIC",
"TITLE": "ACM SQL Injection"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Avaya Control Manager",
"version": {
"version_data": [
{
"version_value": "8.0.x prior to 8.0.4.0"
},
{
"version_value": "7.x"
}
]
}
}
]
},
"vendor_name": "Avaya"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A SQL injection vulnerability in the reporting component of Avaya Control Manager could allow an unauthenticated attacker to execute arbitrary SQL commands and retrieve sensitive data related to other users on the system. Affected versions of Avaya Control Manager include 7.x and 8.0.x versions prior to 8.0.4.0. Unsupported versions not listed here were not evaluated."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://downloads.avaya.com/css/P8/documents/101059368",
"refsource": "CONFIRM",
"url": "https://downloads.avaya.com/css/P8/documents/101059368"
},
{
"name": "109134",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/109134"
}
]
},
"source": {
"advisory": "ASA-2019-119"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9d670455-bdb5-4cca-a883-5914865f5d96",
"assignerShortName": "avaya",
"cveId": "CVE-2019-7003",
"datePublished": "2019-07-11T18:37:32.734Z",
"dateReserved": "2019-01-28T00:00:00.000Z",
"dateUpdated": "2024-09-17T00:55:45.821Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-7003 (GCVE-0-2019-7003)
Vulnerability from cvelistv5 – Published: 2019-07-11 18:37 – Updated: 2024-09-17 00:55
VLAI
Title
ACM SQL Injection
Summary
A SQL injection vulnerability in the reporting component of Avaya Control Manager could allow an unauthenticated attacker to execute arbitrary SQL commands and retrieve sensitive data related to other users on the system. Affected versions of Avaya Control Manager include 7.x and 8.0.x versions prior to 8.0.4.0. Unsupported versions not listed here were not evaluated.
Severity
9.3 (Critical)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://downloads.avaya.com/css/P8/documents/101059368 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/109134 | vdb-entryx_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Avaya | Avaya Control Manager |
Affected:
8.0.x prior to 8.0.4.0
Affected: 7.x |
Date Public
2019-07-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:38:32.979Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://downloads.avaya.com/css/P8/documents/101059368"
},
{
"name": "109134",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/109134"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Avaya Control Manager",
"vendor": "Avaya",
"versions": [
{
"status": "affected",
"version": "8.0.x prior to 8.0.4.0"
},
{
"status": "affected",
"version": "7.x"
}
]
}
],
"datePublic": "2019-07-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A SQL injection vulnerability in the reporting component of Avaya Control Manager could allow an unauthenticated attacker to execute arbitrary SQL commands and retrieve sensitive data related to other users on the system. Affected versions of Avaya Control Manager include 7.x and 8.0.x versions prior to 8.0.4.0. Unsupported versions not listed here were not evaluated."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-12T15:06:09.000Z",
"orgId": "9d670455-bdb5-4cca-a883-5914865f5d96",
"shortName": "avaya"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://downloads.avaya.com/css/P8/documents/101059368"
},
{
"name": "109134",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/109134"
}
],
"source": {
"advisory": "ASA-2019-119"
},
"title": "ACM SQL Injection",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "securityalerts@avaya.com",
"DATE_PUBLIC": "2019-07-09T23:00:00.000Z",
"ID": "CVE-2019-7003",
"STATE": "PUBLIC",
"TITLE": "ACM SQL Injection"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Avaya Control Manager",
"version": {
"version_data": [
{
"version_value": "8.0.x prior to 8.0.4.0"
},
{
"version_value": "7.x"
}
]
}
}
]
},
"vendor_name": "Avaya"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A SQL injection vulnerability in the reporting component of Avaya Control Manager could allow an unauthenticated attacker to execute arbitrary SQL commands and retrieve sensitive data related to other users on the system. Affected versions of Avaya Control Manager include 7.x and 8.0.x versions prior to 8.0.4.0. Unsupported versions not listed here were not evaluated."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://downloads.avaya.com/css/P8/documents/101059368",
"refsource": "CONFIRM",
"url": "https://downloads.avaya.com/css/P8/documents/101059368"
},
{
"name": "109134",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/109134"
}
]
},
"source": {
"advisory": "ASA-2019-119"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9d670455-bdb5-4cca-a883-5914865f5d96",
"assignerShortName": "avaya",
"cveId": "CVE-2019-7003",
"datePublished": "2019-07-11T18:37:32.734Z",
"dateReserved": "2019-01-28T00:00:00.000Z",
"dateUpdated": "2024-09-17T00:55:45.821Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}