Avaya WebLM Improper Restriction of XML External Entity Reference

CVE-2020-7032

6.5MEDIUM

Key Information

Vendor
Avaya
Status
Weblm
System Manager
Vendor
CVE Published:
13 November 2020

Summary

An XML external entity (XXE) vulnerability in Avaya WebLM admin interface allows authenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request. Affected versions of Avaya WebLM include: 7.0 through 7.1.3.6 and 8.0 through 8.1.2.

Affected Version(s)

WebLM = 8.0.x

WebLM < 7.1.3.6

WebLM < 8.1.2

References

EPSS Score

1% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database
.