ACM SQL Injection
CVE-2019-7003

9.3CRITICAL

Key Information:

Vendor: Avaya
Status: Avaya Control Manager
Vendor: CVE Published:; 11 July 2019

What is CVE-2019-7003?

A SQL injection vulnerability in the reporting component of Avaya Control Manager could allow an unauthenticated attacker to execute arbitrary SQL commands and retrieve sensitive data related to other users on the system. Affected versions of Avaya Control Manager include 7.x and 8.0.x versions prior to 8.0.4.0. Unsupported versions not listed here were not evaluated.

Affected Version(s)

Avaya Control Manager 8.0.x prior to 8.0.4.0

Avaya Control Manager 7.x

References

https://downloads.avaya.com/css/P8/documents/101059368

x_refsource_CONFIRM

http://www.securityfocus.com/bid/109134

vdb-entryx_refsource_BID

CVSS V3.1

Score:

9.3

Severity:

CRITICAL

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 11, 2019
Vulnerability Reserved
Jan 28, 2019