ACM SQL Injection

CVE-2019-7003

9.3CRITICAL

Key Information

Vendor
Avaya
Status
Avaya Control Manager
Vendor
CVE Published:
11 July 2019

Summary

A SQL injection vulnerability in the reporting component of Avaya Control Manager could allow an unauthenticated attacker to execute arbitrary SQL commands and retrieve sensitive data related to other users on the system. Affected versions of Avaya Control Manager include 7.x and 8.0.x versions prior to 8.0.4.0. Unsupported versions not listed here were not evaluated.

Affected Version(s)

Avaya Control Manager = 8.0.x prior to 8.0.4.0

Avaya Control Manager = 7.x

References

CVSS V3.1

Score:
9.3
Severity:
CRITICAL
Confidentiality:
High
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database
.