Avaya WebLM Improper Restriction of XML External Entity Reference
CVE-2020-7032

6.5MEDIUM

Key Information:

Vendor

Avaya
Status
Weblm
System Manager
Vendor
CVE Published:
13 November 2020

What is CVE-2020-7032?

An XML external entity (XXE) vulnerability in Avaya WebLM admin interface allows authenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request. Affected versions of Avaya WebLM include: 7.0 through 7.1.3.6 and 8.0 through 8.1.2.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

System Manager 8.0.x

System Manager 7.0 < 7.1.3.6

System Manager 8.1 < 8.1.2

References

https://downloads.avaya.com/css/P8/documents/101072249
x_refsource_CONFIRM
http://seclists.org/fulldisclosure/2020/Nov/31
mailing-listx_refsource_FULLDISC
http://packetstormsecurity.com/files/160123/Avaya-Web-Lic...
x_refsource_MISC

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.