Avaya IP Office XSS Vulnerability

CVE-2019-7004

6.4MEDIUM

Key Information

Vendor: Avaya
Status: Ip Office Application Server
Vendor: CVE Published:; 12 December 2019

Summary

A Cross-Site Scripting (XSS) vulnerability in the WebUI component of IP Office Application Server could allow unauthorized code execution and potentially disclose sensitive information. All product versions 11.x are affected. Product versions prior to 11.0, including unsupported versions, were not evaluated.

Affected Version(s)

IP Office Application Server <= 11.0 FP4 SP1

References

https://support.avaya.com/css/P8/documents/101062833

x_refsource_CONFIRM

http://packetstormsecurity.com/files/156476/Avaya-IP-Offi...

x_refsource_MISC

CVSS V3.1

Score:

6.4

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Dec 12, 2019
Vulnerability Reserved
Jan 28, 2019

Collectors

NVD DatabaseMitre Database