Vulnerabilities for Ip office (...) - CXSECURITY.COM

Vulnerabilities for 'Ip office'

2020-08-07

CVE-2019-7005

CWE-200

A vulnerability was discovered in the web interface component of IP Office that may potentially allow a remote, unauthenticated user with network access to gain sensitive information. Affected versions of IP Office include: 9.x, 10.0 through 10.1.0.7 and 11.0 through 11.0.4.2.

2020-06-04

CVE-2020-7030

CWE-200

A sensitive information disclosure vulnerability was discovered in the web interface component of IP Office that may potentially allow a local user to gain unauthorized access to the component. Affected versions of IP Office include: 9.x, 10.0 through 10.1.0.7 and 11.0 though 11.0.4.3.

2019-11-15

CVE-2016-5285

CWE-476

Null pointer dereference vulnerability exists in K11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime in NSS before 3.26, which causes the TLS/SSL server using NSS to crash.

2019-05-10

CVE-2018-8812

CWE-20

An issue was discovered in Avaya one-X Portal for IP Office 9.1.2.0 and prior. The DownloadToLocalDriveServlet function from the AFA portal is only intended to download backup ZIP files from the server to the operator desktop; however, a malicious user capable of intercepting the HTTP request would be able to modify folder and filename parameters in order to get access to any file on the underlying operating system, as demonstrated by a folder=/etc/&filename=passwd query string. Additionally it could cause a DoS, as this functions also implements file deletion after downloading.

2019-01-23

CVE-2018-15614

CWE-79

A vulnerability in the one-x Portal component of IP Office could allow an authenticated user to perform stored cross site scripting attacks via fields in the Conference Scheduler Service that could affect other application users. Affected versions of IP Office include 10.0 through 10.1 SP3 and 11.0 versions prior to 11.0 SP1.

2018-09-12

CVE-2018-15610

CWE-22

A vulnerability in the one-X Portal component of Avaya IP Office allows an authenticated attacker to read and delete arbitrary files on the system. Affected versions of Avaya IP Office include 9.1 through 9.1 SP12, 10.0 through 10.0 SP7, and 10.1 through 10.1 SP2.

2017-11-09

CVE-2017-11309

CWE-119

Buffer overflow in the SoftConsole client in Avaya IP Office before 10.1.1 allows remote servers to execute arbitrary code via a long response.

>>> Vendor: Avaya 114 Products

Predictive dialer system

Converged communications server

Ip600 media servers

Definity one media server

Modular messaging message storage server

Integrated management

Call management system server

Communication manager

Intuity audix lx

Network routing

Interactive response

Ip office phone manager

Tn2602ap ip media resource 320 circuit pack

Sip enablement services

4602sw ip phone

Message networking

Messaging storage server

Broadcast server

Secure access link gateway

Aura application server 5300

Ip office customer call reporter

Vsp operating system software

Ip office contact center

Aura orchestration designer

Orchestration designer

Call management system supervisor

One-x communicator

Aura conferencing standard edition

Basic call management system reporting desktop

Call management server supervisor

Callvisor asai lan

Computer telephony

Contact center express

Customer interaction express

Enterprise manager

Interaction center

Network reporting

Octelaccess(r) server

Octeldesignertm

Operational analyst

Outbound contact management

Unified communication center

Unified messenger (r)

Visual messenger tm

Visual vector client

Vpnmanagertm console

Control manager

Aura conferencing

Aura communication manager

Aura application enablement services

Aura communication manager messagint

Breeze platform

Call management system

See all Products for Vendor Avaya

Copyright 2024, cxsecurity.com