System Platform Web UI Deserialization

CVE-2018-15616

9CRITICAL

Key Information

Vendor: Avaya
Status: Avaya Aura® System Platform
Vendor: CVE Published:; 17 October 2018

Summary

A vulnerability in the Web UI component of Avaya Aura System Platform could allow a remote, unauthenticated user to perform a targeted deserialization attack that could result in remote code execution. Affected versions of System Platform includes 6.3.0 through 6.3.9 and 6.4.0 through 6.4.2.

Affected Version(s)

Avaya Aura® System Platform <= 6.3.9

Avaya Aura® System Platform <= 6.4.2

References

https://downloads.avaya.com/css/P8/documents/101052865

x_refsource_CONFIRM

CVSS V3.1

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Oct 17, 2018
Vulnerability Reserved
Aug 21, 2018

Collectors

NVD DatabaseMitre Database