Skip to main content

Aura System Manager

3 CVEs product

Monthly

CVE-2024-7480 MEDIUM This Month

An Improper access control vulnerability was found in Avaya Aura System Manager which could allow a command-line interface (CLI) user with administrative privileges to read arbitrary files on the. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Aura System Manager
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2024-7477 MEDIUM This Month

A SQL injection vulnerability was found which could allow a command line interface (CLI) user with administrative privileges to execute arbitrary queries against the Avaya Aura System Manager. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

SQLi Aura System Manager
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2020-7032 MEDIUM POC This Month

An XML external entity (XXE) vulnerability in Avaya WebLM admin interface allows authenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF XXE Aura System Manager Weblm
NVD
CVSS 3.1
6.5
EPSS
3.5%
EPSS 0% CVSS 4.4
MEDIUM This Month

An Improper access control vulnerability was found in Avaya Aura System Manager which could allow a command-line interface (CLI) user with administrative privileges to read arbitrary files on the. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Aura System Manager
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

A SQL injection vulnerability was found which could allow a command line interface (CLI) user with administrative privileges to execute arbitrary queries against the Avaya Aura System Manager. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

SQLi Aura System Manager
NVD
EPSS 4% CVSS 6.5
MEDIUM POC This Month

An XML external entity (XXE) vulnerability in Avaya WebLM admin interface allows authenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF XXE Aura System Manager +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy