RSS   Podatności dla 'Sip enablement services'   RSS

2009-04-10
 
CVE-2008-6709

 

 
Unspecified vulnerability in the Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, allows remote authenticated users to execute arbitrary commands via unknown vectors related to configuration of "local data viewing or restoring parameters."

 
 
CVE-2008-6708

 

 
Unspecified vulnerability in the Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x and 4.x, allows remote authenticated administrators to gain root privileges via unknown vectors related to configuration of "data viewing or restoring parameters."

 
 
CVE-2008-6707

 

 
The Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, does not perform authentication for certain functionality, which allows remote attackers to obtain sensitive information and access restricted functionality via (1) the certificate installation utility, (2) unspecified scripts in the objects folder, (3) an "unnecessary default application," (4) unspecified scripts in the states folder, (5) an unspecified "default application" that lists server configuration, and (6) "full system help."

 
 
CVE-2008-6706

 

 
Multiple unspecified vulnerabilities in the Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, allow remote attackers to obtain (1) application server configuration, (2) database server configuration including encrypted passwords, (3) a system utility that decrypts "subscriber table passwords," (4) a system utility that decrypts database passwords, and (5) a system utility that encrypts "subscriber table passwords."

 
2008-08-25
 
CVE-2008-3778

CWE-264
 

 
The remote management interface in SIP Enablement Services (SES) Server in Avaya SIP Enablement Services 5.0, and Communication Manager (CM) 5.0 on the S8300C with SES enabled, proceeds with Core router updates even when a login is invalid, which allows remote attackers to cause a denial of service (messaging outage) or gain privileges via an update request.

 
 
CVE-2008-3777

CWE-200
 

 
The SIP Enablement Services (SES) Server in Avaya SIP Enablement Services 5.0, and Communication Manager (CM) 5.0 on the S8300C with SES enabled, writes account names and passwords to the (1) alarm and (2) system logs during failed login attempts, which allows local users to obtain login credentials by reading these logs.

 
2007-03-16
 
CVE-2007-1491

 

 
Apache Tomcat in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allows connections from external interfaces via port 8009, which exposes it to attacks from outside parties.

 

 >>> Vendor: Avaya 109 Produkty
Argent office
Libsafe
Cajun p550
Cajun p550r
Cajun p580
Cajun p880
Cajun p882
Cajun m770-atm
Cajun p130
Cajun p330
Predictive dialer system
Intuity audix
VSU
Converged communications server
S8300
S8500
S8700
Sg200
Sg203
Sg208
SG5
Ip600 media servers
Definity one media server
S8100
Modular messaging message storage server
Cvlan
Integrated management
Call management system server
S3400
Communication manager
Intuity audix lx
Mn100
Network routing
S8710
Interactive response
Ip office phone manager
Ip soft phone
Vpnremote
Wireless ap-3
Wireless ap-4
Wireless ap-5
Wireless ap-6
Wireless ap-7
Wireless ap-8
Tn2602ap ip media resource 320 circuit pack
Vsu 100
Vsu 10000
Vsu 2000
Vsu 7500
Csu 5000
Sip enablement services
Media server
One-x
4602sw ip phone
Voip handset
Message networking
Messaging storage server
Broadcast server
Secure access link gateway
Aura application server 5300
Ip office customer call reporter
Vsp operating system software
Ip office contact center
AURA
Aura orchestration designer
Orchestration designer
Ip office
Call management system supervisor
One-x communicator
Agent access
Aura conferencing standard edition
Basic call management system reporting desktop
Call management server supervisor
Callvisor asai lan
Computer telephony
Contact center express
Customer interaction express
Enterprise manager
Interaction center
Ip agent
Ip softphone
Network reporting
Octelaccess(r) server
Octeldesignertm
Operational analyst
Outbound contact management
Speech access
Unified communication center
Unified messenger (r)
Visual messenger tm
Visual vector client
Vpnmanagertm console
Web messenger
Control manager
Aura conferencing
Aura communication manager
Aura application enablement services
Aura communication manager messagint
Breeze platform
Call management system
Zobacz wszystkie produkty dla producenta Avaya


Copyright 2019, cxsecurity.com

 

Back to Top