Avaya Equinox Conferencing XXE vulnerability

CVE-2020-7037

8.1HIGH

Key Information

Vendor: Avaya
Status: Avaya Meetings Server
Vendor: CVE Published:; 28 April 2021

Summary

An XML External Entities (XXE) vulnerability in Media Server component of Avaya Equinox Conferencing could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system or even potentially lead to a denial of service. The affected versions of Avaya Equinox Conferencing includes all 9.x versions before 9.1.11. Equinox Conferencing is now offered as Avaya Meetings Server.

Affected Version(s)

Avaya Meetings Server <= 9.1.10

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Apr 28, 2021
Vulnerability Reserved.
Jan 14, 2020

Collectors

NVD DatabaseMitre Database