Avaya Aura Conferencing XSS

CVE-2019-7000

5.9MEDIUM

Key Information

Vendor: Avaya
Status: Avaya Aura Conferencing
Vendor: CVE Published:; 31 July 2019

Summary

A Cross-Site Scripting (XSS) vulnerability in the Web UI of Avaya Aura Conferencing may allow code execution and potentially disclose sensitive information. Affected versions of Avaya Aura Conferencing include all 8.x versions prior to 8.0 SP14 (8.0.14). Prior versions not listed were not evaluated.

Affected Version(s)

Avaya Aura Conferencing < 8.0.14

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Risk change from: 6.1 to: 5.9 - (MEDIUM)
Feb 22, 2024
Vulnerability published.
Jul 31, 2019
Vulnerability Reserved.
Jan 28, 2019

Collectors

NVD DatabaseMitre Database