Improper access controls in IP Office one-X Portal
CVE-2018-15610
7.3HIGH
Summary
A vulnerability in the one-X Portal component of Avaya IP Office allows an authenticated attacker to read and delete arbitrary files on the system. Affected versions of Avaya IP Office include 9.1 through 9.1 SP12, 10.0 through 10.0 SP7, and 10.1 through 10.1 SP2.
Affected Version(s)
IP Office = 9.1 through 9.1 SP12, 10.0 through 10.0 SP7, and 10.1 through 10.1 SP2
References
CVSS V3.1
Score:
7.3
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Collectors
NVD DatabaseMitre Database