Avaya IP Office XSS Vulnerability

CVE-2019-7004

6.4MEDIUM

Key Information

Vendor: Avaya
Status: Ip Office Application Server
Vendor: CVE Published:; 12 December 2019

Summary

A Cross-Site Scripting (XSS) vulnerability in the WebUI component of IP Office Application Server could allow unauthorized code execution and potentially disclose sensitive information. All product versions 11.x are affected. Product versions prior to 11.0, including unsupported versions, were not evaluated.

Affected Version(s)

IP Office Application Server <= 11.0 FP4 SP1

CVSS V3.1

Score:

6.4

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Risk change from: 5.4 to: 6.4 - (MEDIUM)
Feb 22, 2024
Vulnerability published.
Dec 12, 2019
Vulnerability Reserved.
Jan 28, 2019

Collectors

NVD DatabaseMitre Database