IPO Information Disclosure
CVE-2020-7030

5.5MEDIUM

Key Information:

Vendor

Avaya
Status
Ip Office
Vendor
CVE Published:
4 June 2020

What is CVE-2020-7030?

A sensitive information disclosure vulnerability was discovered in the web interface component of IP Office that may potentially allow a local user to gain unauthorized access to the component. Affected versions of IP Office include: 9.x, 10.0 through 10.1.0.7 and 11.0 though 11.0.4.3.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

IP Office 9.x

IP Office 10.0 < 10.1.0.8

IP Office 11.0 < 11.0.4.3

References

https://downloads.avaya.com/css/P8/documents/101067493
x_refsource_CONFIRM
http://packetstormsecurity.com/files/157957/Avaya-IP-Offi...
x_refsource_MISC
http://seclists.org/fulldisclosure/2020/Jun/12
mailing-listx_refsource_FULLDISC

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.