Avaya Aura System Manager CVSS Score: 8.8 Due to SQL Injection Vulnerability

CVE-2024-7477

6.7MEDIUM

Key Information

Vendor: Avaya
Status: Aura System Manager
Vendor: CVE Published:; 8 August 2024

Summary

A SQL injection vulnerability was found which could allow a command line interface (CLI) user with administrative privileges to execute arbitrary queries against the Avaya Aura System Manager database. Affected versions include 10.1.x.x and 10.2.x.x. Versions prior to 10.1 are end of manufacturer support.

Affected Version(s)

Aura System Manager = 10.1.x.x

Aura System Manager = 10.2.x.x

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Risk change from: null to: 6.5 - (MEDIUM)
Aug 9, 2024
Vulnerability published.
Aug 8, 2024

Collectors

NVD DatabaseMitre Database