Avaya Meetings Server Information Disclosure vulnerability

CVE-2020-7038

7.5HIGH

Key Information

Vendor: Avaya
Status: Avaya Meetings Management
Vendor: CVE Published:; 28 April 2021

Summary

A vulnerability was discovered in Management component of Avaya Equinox Conferencing that could potentially allow an unauthenticated, remote attacker to gain access to screen sharing and whiteboard sessions. The affected versions of Management component of Avaya Equinox Conferencing include all 3.x versions before 3.17. Avaya Equinox Conferencing is now offered as Avaya Meetings Server.

Affected Version(s)

Avaya Meetings Management < 3.17

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Apr 28, 2021
Vulnerability Reserved.
Jan 14, 2020

Collectors

NVD DatabaseMitre Database