Avaya IP Office XSS Vulnerability
CVE-2019-7004

6.4MEDIUM

Key Information:

Vendor: Avaya
Status: Ip Office Application Server
Vendor: CVE Published:; 12 December 2019

What is CVE-2019-7004?

A Cross-Site Scripting (XSS) vulnerability in the WebUI component of IP Office Application Server could allow unauthorized code execution and potentially disclose sensitive information. All product versions 11.x are affected. Product versions prior to 11.0, including unsupported versions, were not evaluated.

Affected Version(s)

IP Office Application Server 11.x <= 11.0 FP4 SP1

References

https://support.avaya.com/css/P8/documents/101062833

x_refsource_CONFIRM

http://packetstormsecurity.com/files/156476/Avaya-IP-Offi...

x_refsource_MISC

CVSS V3.1

Score:

6.4

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 12, 2019
Vulnerability Reserved
Jan 28, 2019