Avaya Aura System Manager CVSS Score: 8.8 Due to SQL Injection Vulnerability
CVE-2024-7477
6.7MEDIUM
Summary
A SQL injection vulnerability was found which could allow a command line interface (CLI) user with administrative privileges to execute arbitrary queries against the Avaya Aura System Manager database.
Affected versions include 10.1.x.x and 10.2.x.x. Versions prior to 10.1 are end of manufacturer support.
Affected Version(s)
Aura System Manager = 10.1.x.x
Aura System Manager = 10.2.x.x
References
CVSS V3.1
Score:
6.7
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Collectors
NVD DatabaseMitre Database