Avaya Aura System Manager CVSS Score: 8.8 Due to SQL Injection Vulnerability

CVE-2024-7477

6.7MEDIUM

Key Information

Vendor
Avaya
Status
Aura System Manager
Vendor
CVE Published:
8 August 2024

Summary

A SQL injection vulnerability was found which could allow a command line interface (CLI) user with administrative privileges to execute arbitrary queries against the Avaya Aura System Manager database. 

Affected versions include 10.1.x.x and 10.2.x.x. Versions prior to 10.1 are end of manufacturer support.

Affected Version(s)

Aura System Manager = 10.1.x.x

Aura System Manager = 10.2.x.x

References

CVSS V3.1

Score:
6.7
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

Collectors

NVD DatabaseMitre Database
.