ACM SQL Injection

CVE-2019-7003

9.3CRITICAL

Key Information

Vendor: Avaya
Status: Avaya Control Manager
Vendor: CVE Published:; 11 July 2019

Summary

A SQL injection vulnerability in the reporting component of Avaya Control Manager could allow an unauthenticated attacker to execute arbitrary SQL commands and retrieve sensitive data related to other users on the system. Affected versions of Avaya Control Manager include 7.x and 8.0.x versions prior to 8.0.4.0. Unsupported versions not listed here were not evaluated.

Affected Version(s)

Avaya Control Manager = 8.0.x prior to 8.0.4.0

Avaya Control Manager = 7.x

CVSS V3.1

Score:

9.3

Severity:

CRITICAL

Confidentiality:

High

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Risk change from: 10 to: 9.3 - (CRITICAL)
Feb 22, 2024
Vulnerability published.
Jul 11, 2019
Vulnerability Reserved.
Jan 28, 2019

Collectors

NVD DatabaseMitre Database