Vulnerabilites related to avaya - communication_manager
Vulnerability from fkie_nvd
Published
2009-04-10 22:00
Modified
2024-11-21 00:57
Severity ?
Summary
Unspecified vulnerability in the Web administration interface in Avaya Communication Manager 3.1.x before CM 3.1.4 SP2 and 4.0.x before 4.0.3 SP1 allows remote authenticated users to execute arbitrary commands via unknown vectors related to "viewing system logs."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| avaya | communication_manager | 3.1 | |
| avaya | communication_manager | 3.1.1 | |
| avaya | communication_manager | 3.1.2 | |
| avaya | communication_manager | 3.1.3 | |
| avaya | communication_manager | 3.1.4 | |
| avaya | communication_manager | 3.1.4 | |
| avaya | communication_manager | 4.0 | |
| avaya | communication_manager | 4.0.1 | |
| avaya | communication_manager | 4.0.1 | |
| avaya | communication_manager | 4.0.1 | |
| avaya | communication_manager | 4.0.3 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:avaya:communication_manager:3.1:*:*:*:*:*:*:*", matchCriteriaId: "88F5C363-3A38-43FC-A06D-73E280AB844B", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:3.1.1:*:*:*:*:*:*:*", matchCriteriaId: "C4030E5D-BC15-481D-A15E-98FAE65130D9", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:3.1.2:*:*:*:*:*:*:*", matchCriteriaId: "F3FC3A86-CE3D-4C12-9E31-7F7280EF9D28", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:3.1.3:*:*:*:*:*:*:*", matchCriteriaId: "BBD119B9-FE11-4165-943D-119E906DC013", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:3.1.4:*:*:*:*:*:*:*", matchCriteriaId: "89F99C5C-C184-4A5C-B8BA-F558C4A38730", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:3.1.4:sp1:*:*:*:*:*:*", matchCriteriaId: "1EAA2BC9-4794-4441-8AA8-3C1B7297FD06", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:4.0:*:*:*:*:*:*:*", matchCriteriaId: "9F0B0D66-9900-4B9A-A892-31B8607DA852", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:4.0.1:*:*:*:*:*:*:*", matchCriteriaId: "D5DE700B-B830-445B-AF08-4AD28EF1BE58", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:4.0.1:sp15215:*:*:*:*:*:*", matchCriteriaId: "522FD345-91ED-4FE2-8069-028C3A2E3974", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:4.0.1:sp15500:*:*:*:*:*:*", matchCriteriaId: "3507CABD-74EE-4A53-9C09-AF38B3F218F0", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:4.0.3:*:*:*:*:*:*:*", matchCriteriaId: "825C1D4E-CD86-4122-84D7-CF1CB4CF8F10", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Unspecified vulnerability in the Web administration interface in Avaya Communication Manager 3.1.x before CM 3.1.4 SP2 and 4.0.x before 4.0.3 SP1 allows remote authenticated users to execute arbitrary commands via unknown vectors related to \"viewing system logs.\"", }, { lang: "es", value: "Vulnerabilidad no especificada en el interfase de administración Web en Avaya Communication Manager v3.1.x anteriores a CM v3.1.4 SP2 y v4.0.x anteriores v4.0.3 SP1 permiten a usuarios remotos autentificados, ejecutar comandos de su elección a través de vectores desconocidos, relativo a \"viendo registros de sistema\".", }, ], id: "CVE-2008-6711", lastModified: "2024-11-21T00:57:16.523", metrics: { cvssMetricV2: [ { acInsufInfo: true, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "COMPLETE", baseScore: 9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2009-04-10T22:00:00.750", references: [ { source: "cve@mitre.org", url: "http://secunia.com/advisories/30799", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2008-270.htm", }, { source: "cve@mitre.org", url: "http://www.osvdb.org/46581", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/29939", }, { source: "cve@mitre.org", url: "http://www.voipshield.com/research-details.php?id=80", }, { source: "cve@mitre.org", url: "http://www.vupen.com/english/advisories/2008/1944/references", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43391", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/30799", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2008-270.htm", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.osvdb.org/46581", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/29939", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.voipshield.com/research-details.php?id=80", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2008/1944/references", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43391", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2004-02-03 05:00
Modified
2024-11-20 23:50
Severity ?
Summary
mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:http_server:1.3:*:*:*:*:*:*:*", matchCriteriaId: "28EC1F94-04F3-490A-8324-1EB60EEBAD4B", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:http_server:1.3.1:*:*:*:*:*:*:*", matchCriteriaId: "30D94958-0D13-4076-B6F0-61D505136789", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:http_server:1.3.3:*:*:*:*:*:*:*", matchCriteriaId: "B22DA22E-54DA-46CF-B3AE-4B0900D8086A", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:http_server:1.3.4:*:*:*:*:*:*:*", matchCriteriaId: "F90F496A-5D57-448F-A46F-E15F06CBFD01", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:http_server:1.3.6:*:*:*:*:*:*:*", matchCriteriaId: "89B58983-633F-4D20-80AE-8E7EB865CF83", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:http_server:1.3.7:*:dev:*:*:*:*:*", matchCriteriaId: "34FD94C9-2352-4147-9BF2-A3CF841A159B", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:http_server:1.3.9:*:*:*:*:*:*:*", matchCriteriaId: "19C8989C-D8A6-4AE9-99B6-F2DAE5999EB6", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:http_server:1.3.11:*:*:*:*:*:*:*", matchCriteriaId: "7B6EE0E2-D608-4E72-A0E5-F407511405C2", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:http_server:1.3.12:*:*:*:*:*:*:*", matchCriteriaId: "33FD6791-3B84-40CA-BCF4-B5637B172F2A", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:http_server:1.3.14:*:*:*:*:*:*:*", matchCriteriaId: "6DDD2F69-CFD4-4DEA-B43A-1337EEFA95A3", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:http_server:1.3.17:*:*:*:*:*:*:*", matchCriteriaId: "0A80B17D-FD66-40BD-9ADC-FE7A3944A696", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:http_server:1.3.18:*:*:*:*:*:*:*", matchCriteriaId: "713ADED4-CBE5-40C3-A128-99CFABF24560", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:http_server:1.3.19:*:*:*:*:*:*:*", matchCriteriaId: "70FA0B8E-1A90-4939-871A-38B9E93BCCC1", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:http_server:1.3.20:*:*:*:*:*:*:*", matchCriteriaId: "83BDEAE5-29B9-48E3-93FA-F30832044C9A", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:http_server:1.3.22:*:*:*:*:*:*:*", matchCriteriaId: "A2720E06-1B0E-4BFE-8C85-A17E597BB151", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:http_server:1.3.23:*:*:*:*:*:*:*", matchCriteriaId: "3EE1DECF-36C7-4968-8B7A-7A2034C2A957", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:http_server:1.3.24:*:*:*:*:*:*:*", matchCriteriaId: "B67BD173-8517-4E97-BC65-D9657C63601A", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:http_server:1.3.25:*:*:*:*:*:*:*", matchCriteriaId: "B392A96F-FD2F-4073-8EED-EB31E1F20FE4", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:http_server:1.3.26:*:*:*:*:*:*:*", matchCriteriaId: "E130104B-86F5-411E-8AC0-9B4B780BCA00", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:http_server:1.3.27:*:*:*:*:*:*:*", matchCriteriaId: "0E62E621-74DA-4D99-A79C-AD2B85896A2B", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:http_server:1.3.28:*:*:*:*:*:*:*", matchCriteriaId: "2C577188-BD56-4571-A61A-1684DC9E9DD9", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:http_server:1.3.29:*:*:*:*:*:*:*", matchCriteriaId: "5B3A4CD9-1E96-4D3B-938D-F2D15855B0DD", vulnerable: true, }, { criteria: "cpe:2.3:a:apple:apache_mod_digest_apple:*:*:*:*:*:*:*:*", matchCriteriaId: "BB39F9C4-7783-451E-B83D-401EF043F678", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:1.1:*:*:*:*:*:*:*", matchCriteriaId: "497884DB-EF7C-4FC1-99A8-581A0348A57C", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:1.3.1:*:*:*:*:*:*:*", matchCriteriaId: "A0EC54C7-5358-4C80-8202-378050B255FB", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:2.0:*:*:*:*:*:*:*", matchCriteriaId: "CE74E0BF-739A-41A4-894C-A9B4BA23CAFC", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:2.0.1:*:*:*:*:*:*:*", matchCriteriaId: "6372F030-0069-4994-9F79-7D99F39945CF", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:intuity_audix_lx:*:*:*:*:*:*:*:*", matchCriteriaId: "12D21889-2F4E-460B-AA92-4E910B7CBBDA", vulnerable: true, }, { criteria: "cpe:2.3:a:hp:virtualvault:4.5:*:*:*:*:*:*:*", matchCriteriaId: "2609CA23-B892-428D-93D1-D210B8D5741D", vulnerable: true, }, { criteria: "cpe:2.3:a:hp:virtualvault:4.6:*:*:*:*:*:*:*", matchCriteriaId: "129075F9-F03E-4298-8515-5A046816C7C8", vulnerable: true, }, { criteria: "cpe:2.3:a:hp:virtualvault:4.7:*:*:*:*:*:*:*", matchCriteriaId: "79E7B549-B2AA-4587-84DE-ECDF4FE4BAFB", vulnerable: true, }, { criteria: "cpe:2.3:a:hp:webproxy:a.02.00:*:*:*:*:*:*:*", matchCriteriaId: "35B53C86-D426-46F6-B5EE-D96517002905", vulnerable: true, }, { criteria: "cpe:2.3:a:hp:webproxy:a.02.10:*:*:*:*:*:*:*", matchCriteriaId: "E4A8A75A-3F63-4468-8E51-AA65E4753C27", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:http_server:1.3.19:*:*:*:*:*:*:*", matchCriteriaId: "E5C3A030-EF04-4C82-BFD5-CF6459099B15", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:avaya:mn100:*:*:*:*:*:*:*:*", matchCriteriaId: "D073442B-D7E7-4E07-AF2D-E22FE65B09A9", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:network_routing:*:*:*:*:*:*:*:*", matchCriteriaId: "E942E0E7-0808-479C-B061-66119EBA12E3", vulnerable: true, }, { criteria: "cpe:2.3:o:avaya:modular_messaging_message_storage_server:1.1:*:*:*:*:*:*:*", matchCriteriaId: "E25F5CF2-F891-41CA-A40C-13966F72FDF8", vulnerable: true, }, { criteria: "cpe:2.3:o:avaya:modular_messaging_message_storage_server:2.0:*:*:*:*:*:*:*", matchCriteriaId: "7417958C-5321-41D6-9D1A-D16BF5511E81", vulnerable: true, }, { criteria: "cpe:2.3:o:openbsd:openbsd:3.4:*:*:*:*:*:*:*", matchCriteriaId: "9496279F-AB43-4B53-81A6-87C651ABC4BA", vulnerable: true, }, { criteria: "cpe:2.3:o:openbsd:openbsd:3.5:*:*:*:*:*:*:*", matchCriteriaId: "BDA160D4-5CAB-44E7-880A-59DD98FEAD62", vulnerable: true, }, { criteria: "cpe:2.3:o:openbsd:openbsd:current:*:*:*:*:*:*:*", matchCriteriaId: "0370727F-1E37-4B82-8969-A2AC644632E8", vulnerable: true, }, { criteria: "cpe:2.3:o:sco:openserver:5.0.6:*:*:*:*:*:*:*", matchCriteriaId: "1E140F76-D078-4F58-89CF-3278CDCB9AF3", vulnerable: true, }, { criteria: "cpe:2.3:o:sco:openserver:5.0.7:*:*:*:*:*:*:*", matchCriteriaId: "D9D76A8D-832B-411E-A458-186733C66010", vulnerable: true, }, { criteria: "cpe:2.3:o:sun:solaris:8.0:*:x86:*:*:*:*:*", matchCriteriaId: "1894C542-AA81-40A9-BF47-AE24C93C1ACB", vulnerable: true, }, { criteria: "cpe:2.3:o:sun:solaris:9.0:*:sparc:*:*:*:*:*", matchCriteriaId: "A711CDC2-412C-499D-9FA6-7F25B06267C6", vulnerable: true, }, { criteria: "cpe:2.3:o:sun:solaris:9.0:*:x86:*:*:*:*:*", matchCriteriaId: "0B837BB7-5F62-4CD5-9C64-8553C28EA8A7", vulnerable: true, }, { criteria: "cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*", matchCriteriaId: "A2475113-CFE4-41C8-A86F-F2DA6548D224", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.", }, ], id: "CVE-2004-1082", lastModified: "2024-11-20T23:50:03.360", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: true, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2004-02-03T05:00:00.000", references: [ { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://lists.apple.com/archives/security-announce/2004/Dec/msg00000.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.ciac.org/ciac/bulletins/p-049.shtml", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.securityfocus.com/bid/9571", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.securitytracker.com/alerts/2004/Dec/1012414.html", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/18347", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://lists.apple.com/archives/security-announce/2004/Dec/msg00000.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.ciac.org/ciac/bulletins/p-049.shtml", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.securityfocus.com/bid/9571", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.securitytracker.com/alerts/2004/Dec/1012414.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/18347", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2009-04-10 22:00
Modified
2024-11-21 00:57
Severity ?
Summary
Unspecified vulnerability in the Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, allows remote authenticated users to execute arbitrary commands via unknown vectors related to configuration of "local data viewing or restoring parameters."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| avaya | sip_enablement_services | 3.0 | |
| avaya | sip_enablement_services | 3.1 | |
| avaya | sip_enablement_services | 3.1.1 | |
| avaya | sip_enablement_services | 4.0 | |
| avaya | communication_manager | 3.1 | |
| avaya | communication_manager | 3.1.1 | |
| avaya | communication_manager | 3.1.2 | |
| avaya | communication_manager | 3.1.3 | |
| avaya | communication_manager | 3.1.4 | |
| avaya | communication_manager | 3.1.4 | |
| avaya | communication_manager | 3.1.4 | |
| avaya | communication_manager | 3.1.5 | |
| avaya | communication_manager | 3.1.5 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:avaya:sip_enablement_services:3.0:*:*:*:*:*:*:*", matchCriteriaId: "F8D4881F-650A-4FA1-B604-70EBBED41AE7", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:sip_enablement_services:3.1:*:*:*:*:*:*:*", matchCriteriaId: "F9EB9ECB-9ABF-40ED-9116-D3FE9FC73B38", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:sip_enablement_services:3.1.1:*:*:*:*:*:*:*", matchCriteriaId: "43F41650-7E55-436A-9935-8CE88B428680", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:sip_enablement_services:4.0:*:*:*:*:*:*:*", matchCriteriaId: "7BFF25B3-B7C7-479C-8C2A-995E568C3395", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:a:avaya:communication_manager:3.1:*:*:*:*:*:*:*", matchCriteriaId: "88F5C363-3A38-43FC-A06D-73E280AB844B", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:3.1.1:*:*:*:*:*:*:*", matchCriteriaId: "C4030E5D-BC15-481D-A15E-98FAE65130D9", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:3.1.2:*:*:*:*:*:*:*", matchCriteriaId: "F3FC3A86-CE3D-4C12-9E31-7F7280EF9D28", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:3.1.3:*:*:*:*:*:*:*", matchCriteriaId: "BBD119B9-FE11-4165-943D-119E906DC013", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:3.1.4:*:*:*:*:*:*:*", matchCriteriaId: "89F99C5C-C184-4A5C-B8BA-F558C4A38730", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:3.1.4:sp1:*:*:*:*:*:*", matchCriteriaId: "1EAA2BC9-4794-4441-8AA8-3C1B7297FD06", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:3.1.4:sp2:*:*:*:*:*:*", matchCriteriaId: "423E4EEB-3D6F-449E-B623-C8D051E8FA3B", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:3.1.5:*:*:*:*:*:*:*", matchCriteriaId: "87089C0E-2241-46A7-93EE-EC41D52A89C6", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:3.1.5:sp0:*:*:*:*:*:*", matchCriteriaId: "5BD89D61-0B42-4DDE-99F1-71570A37A136", vulnerable: true, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Unspecified vulnerability in the Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, allows remote authenticated users to execute arbitrary commands via unknown vectors related to configuration of \"local data viewing or restoring parameters.\"", }, { lang: "es", value: "Vulnerabilidad no especificada en el interfase de administración web de Avaya SIP Enablement Services (SES)v3.x y v4.0, como las usadas en Avaya Communication Manager v3.1.x, permite a usuarios remotos autentificados, ejecutar comandos de su elección a través de vectores no específicos, relativos a la configuración de \"viendo datos locales o restaurando parámetros\".", }, ], id: "CVE-2008-6709", lastModified: "2024-11-21T00:57:16.190", metrics: { cvssMetricV2: [ { acInsufInfo: true, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "COMPLETE", baseScore: 9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2009-04-10T22:00:00.703", references: [ { source: "cve@mitre.org", url: "http://secunia.com/advisories/30751", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm", }, { source: "cve@mitre.org", url: "http://www.osvdb.org/46603", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/29939", }, { source: "cve@mitre.org", url: "http://www.voipshield.com/research-details.php?id=78", }, { source: "cve@mitre.org", url: "http://www.vupen.com/english/advisories/2008/1943/references", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43380", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/30751", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.osvdb.org/46603", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/29939", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.voipshield.com/research-details.php?id=78", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2008/1943/references", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43380", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2009-04-10 22:00
Modified
2024-11-21 00:57
Severity ?
Summary
Unspecified vulnerability in the Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x and 4.x, allows remote authenticated administrators to gain root privileges via unknown vectors related to configuration of "data viewing or restoring parameters."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| avaya | communication_manager | 3.1 | |
| avaya | communication_manager | 3.1.1 | |
| avaya | communication_manager | 3.1.2 | |
| avaya | communication_manager | 3.1.3 | |
| avaya | communication_manager | 3.1.4 | |
| avaya | communication_manager | 3.1.5 | |
| avaya | communication_manager | 4.0 | |
| avaya | communication_manager | 4.0.1 | |
| avaya | communication_manager | 4.0.1 | |
| avaya | communication_manager | 4.0.1 | |
| avaya | communication_manager | 4.0.3 | |
| avaya | sip_enablement_services | 3.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:avaya:communication_manager:3.1:*:*:*:*:*:*:*", matchCriteriaId: "88F5C363-3A38-43FC-A06D-73E280AB844B", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:3.1.1:*:*:*:*:*:*:*", matchCriteriaId: "C4030E5D-BC15-481D-A15E-98FAE65130D9", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:3.1.2:*:*:*:*:*:*:*", matchCriteriaId: "F3FC3A86-CE3D-4C12-9E31-7F7280EF9D28", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:3.1.3:*:*:*:*:*:*:*", matchCriteriaId: "BBD119B9-FE11-4165-943D-119E906DC013", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:3.1.4:*:*:*:*:*:*:*", matchCriteriaId: "89F99C5C-C184-4A5C-B8BA-F558C4A38730", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:3.1.5:*:*:*:*:*:*:*", matchCriteriaId: "87089C0E-2241-46A7-93EE-EC41D52A89C6", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:4.0:*:*:*:*:*:*:*", matchCriteriaId: "9F0B0D66-9900-4B9A-A892-31B8607DA852", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:4.0.1:*:*:*:*:*:*:*", matchCriteriaId: "D5DE700B-B830-445B-AF08-4AD28EF1BE58", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:4.0.1:sp15215:*:*:*:*:*:*", matchCriteriaId: "522FD345-91ED-4FE2-8069-028C3A2E3974", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:4.0.1:sp15500:*:*:*:*:*:*", matchCriteriaId: "3507CABD-74EE-4A53-9C09-AF38B3F218F0", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:4.0.3:*:*:*:*:*:*:*", matchCriteriaId: "825C1D4E-CD86-4122-84D7-CF1CB4CF8F10", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:sip_enablement_services:3.0:*:*:*:*:*:*:*", matchCriteriaId: "F8D4881F-650A-4FA1-B604-70EBBED41AE7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Unspecified vulnerability in the Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x and 4.x, allows remote authenticated administrators to gain root privileges via unknown vectors related to configuration of \"data viewing or restoring parameters.\"", }, { lang: "es", value: "Vulnerabilidad no especificada en el interfase de administración web de Avaya SIP Enablement Services (SES)v3.x y v4.0, como las usadas en Avaya Communication Manager v3.1.x y v4.x, permite a usuarios remotos autentificados, obtener privilegios de root a través de vectores desconocidos relativos a la configuración de \"viendo datos locales o restaurando parámetros\".", }, ], id: "CVE-2008-6708", lastModified: "2024-11-21T00:57:16.027", metrics: { cvssMetricV2: [ { acInsufInfo: true, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "COMPLETE", baseScore: 9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8, impactScore: 10, obtainAllPrivilege: true, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2009-04-10T22:00:00.687", references: [ { source: "cve@mitre.org", url: "http://osvdb.org/46604", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/30751", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/29939", }, { source: "cve@mitre.org", url: "http://www.voipshield.com/research-details.php?id=77", }, { source: "cve@mitre.org", url: "http://www.vupen.com/english/advisories/2008/1943/references", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43390", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://osvdb.org/46604", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/30751", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/29939", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.voipshield.com/research-details.php?id=77", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2008/1943/references", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43390", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2008-08-25 21:41
Modified
2024-11-21 00:50
Severity ?
Summary
The remote management interface in SIP Enablement Services (SES) Server in Avaya SIP Enablement Services 5.0, and Communication Manager (CM) 5.0 on the S8300C with SES enabled, proceeds with Core router updates even when a login is invalid, which allows remote attackers to cause a denial of service (messaging outage) or gain privileges via an update request.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| avaya | sip_enablement_services | 5.0 | |
| avaya | s8300c_server | * | |
| avaya | communication_manager | 5.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:avaya:sip_enablement_services:5.0:*:*:*:*:*:*:*", matchCriteriaId: "03BEFE21-9FAA-4DA0-9C75-A70C12A88123", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:h:avaya:s8300c_server:*:*:*:*:*:*:*:*", matchCriteriaId: "8030330C-BC31-485A-A93C-AEA910D4042C", vulnerable: false, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:a:avaya:communication_manager:5.0:*:*:*:*:*:*:*", matchCriteriaId: "84E2136B-6FE3-4548-A89D-444ED9393C22", vulnerable: true, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "The remote management interface in SIP Enablement Services (SES) Server in Avaya SIP Enablement Services 5.0, and Communication Manager (CM) 5.0 on the S8300C with SES enabled, proceeds with Core router updates even when a login is invalid, which allows remote attackers to cause a denial of service (messaging outage) or gain privileges via an update request.", }, { lang: "es", value: "El interfaz remoto de gestión en SIP Enablement Services (SES) Server en Avaya SIP Enablement Services 5.0 y Communication Manager (CM) 5.0 en el S8300C con SES activado, continua con las actualizaciones de Core router incluso con un login no válido, lo que permite a atacantes remotos provocar una denegación de servicio (corte del servicio de mensajería) o bien obtener privilegios mediante una petición de actualización.", }, ], id: "CVE-2008-3778", lastModified: "2024-11-21T00:50:06.560", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: true, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2008-08-25T21:41:00.000", references: [ { source: "cve@mitre.org", url: "http://support.avaya.com/elmodocs2/security/ASA-2008-347.htm", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/30758", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/44585", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://support.avaya.com/elmodocs2/security/ASA-2008-347.htm", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/30758", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/44585", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-264", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2009-04-01 22:30
Modified
2024-11-21 00:56
Severity ?
Summary
Unspecified vulnerability in SIP Enablement Services (SES) in Avaya Communication Manager 3.1.x and 4.x allows remote attackers to gain privileges and cause a denial of service via unknown vectors related to reuse of valid credentials.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| avaya | communication_manager | 3.1 | |
| avaya | communication_manager | 3.1.1 | |
| avaya | communication_manager | 3.1.2 | |
| avaya | communication_manager | 3.1.3 | |
| avaya | communication_manager | 3.1.4 | |
| avaya | communication_manager | 3.1.4 | |
| avaya | communication_manager | 3.1.4 | |
| avaya | communication_manager | 3.1.5 | |
| avaya | communication_manager | 3.1.5 | |
| avaya | communication_manager | 4.0 | |
| avaya | communication_manager | 4.0.1 | |
| avaya | communication_manager | 4.0.1 | |
| avaya | communication_manager | 4.0.1 | |
| avaya | communication_manager | 4.0.3 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:avaya:communication_manager:3.1:*:*:*:*:*:*:*", matchCriteriaId: "88F5C363-3A38-43FC-A06D-73E280AB844B", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:3.1.1:*:*:*:*:*:*:*", matchCriteriaId: "C4030E5D-BC15-481D-A15E-98FAE65130D9", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:3.1.2:*:*:*:*:*:*:*", matchCriteriaId: "F3FC3A86-CE3D-4C12-9E31-7F7280EF9D28", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:3.1.3:*:*:*:*:*:*:*", matchCriteriaId: "BBD119B9-FE11-4165-943D-119E906DC013", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:3.1.4:*:*:*:*:*:*:*", matchCriteriaId: "89F99C5C-C184-4A5C-B8BA-F558C4A38730", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:3.1.4:sp1:*:*:*:*:*:*", matchCriteriaId: "1EAA2BC9-4794-4441-8AA8-3C1B7297FD06", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:3.1.4:sp2:*:*:*:*:*:*", matchCriteriaId: "423E4EEB-3D6F-449E-B623-C8D051E8FA3B", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:3.1.5:*:*:*:*:*:*:*", matchCriteriaId: "87089C0E-2241-46A7-93EE-EC41D52A89C6", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:3.1.5:sp0:*:*:*:*:*:*", matchCriteriaId: "5BD89D61-0B42-4DDE-99F1-71570A37A136", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:4.0:*:*:*:*:*:*:*", matchCriteriaId: "9F0B0D66-9900-4B9A-A892-31B8607DA852", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:4.0.1:*:*:*:*:*:*:*", matchCriteriaId: "D5DE700B-B830-445B-AF08-4AD28EF1BE58", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:4.0.1:sp15215:*:*:*:*:*:*", matchCriteriaId: "522FD345-91ED-4FE2-8069-028C3A2E3974", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:4.0.1:sp15500:*:*:*:*:*:*", matchCriteriaId: "3507CABD-74EE-4A53-9C09-AF38B3F218F0", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:4.0.3:*:*:*:*:*:*:*", matchCriteriaId: "825C1D4E-CD86-4122-84D7-CF1CB4CF8F10", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Unspecified vulnerability in SIP Enablement Services (SES) in Avaya Communication Manager 3.1.x and 4.x allows remote attackers to gain privileges and cause a denial of service via unknown vectors related to reuse of valid credentials.", }, { lang: "es", value: "Vulnerabilidad no especificada en SIP Enablement Services (SES) en Avaya Communication Manager 3.1.x y 4.x permite a atacantes remotos conseguir privilegios y provocar una denegación de servicio a través de vectores desconocidos relacionados con reutilizar credenciales válidas.", }, ], id: "CVE-2008-6574", lastModified: "2024-11-21T00:56:53.350", metrics: { cvssMetricV2: [ { acInsufInfo: true, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2009-04-01T22:30:01.093", references: [ { source: "cve@mitre.org", url: "http://osvdb.org/44288", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/29744", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/28687", }, { source: "cve@mitre.org", url: "http://www.voipshield.com/research-details.php?id=24", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/41734", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://osvdb.org/44288", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/29744", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/28687", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.voipshield.com/research-details.php?id=24", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/41734", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2009-04-01 22:30
Modified
2024-11-21 00:56
Severity ?
Summary
Multiple SQL injection vulnerabilities in Avaya SIP Enablement Services (SES) in Avaya Avaya Communication Manager 3.x, 4.0, and 5.0 (1) allow remote attackers to execute arbitrary SQL commands via unspecified vectors related to profiles in the SIP Personal Information Manager (SPIM) in the web interface; and allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to (2) permissions for SPIM profiles in the web interface and (3) a crafted SIP request to the SIP server.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| avaya | communication_manager | * | |
| avaya | communication_manager | 3.1.1 | |
| avaya | communication_manager | 3.1.2 | |
| avaya | communication_manager | 3.1.3 | |
| avaya | communication_manager | 3.1.4 | |
| avaya | communication_manager | 3.1.4 | |
| avaya | communication_manager | 3.1.4 | |
| avaya | communication_manager | 3.1.5 | |
| avaya | communication_manager | 3.1.5 | |
| avaya | communication_manager | 4.0 | |
| avaya | communication_manager | 5.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:avaya:communication_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "B13FEC26-15CC-4F82-8C24-BBD9C3FBA80E", versionEndIncluding: "3.1", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:3.1.1:*:*:*:*:*:*:*", matchCriteriaId: "C4030E5D-BC15-481D-A15E-98FAE65130D9", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:3.1.2:*:*:*:*:*:*:*", matchCriteriaId: "F3FC3A86-CE3D-4C12-9E31-7F7280EF9D28", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:3.1.3:*:*:*:*:*:*:*", matchCriteriaId: "BBD119B9-FE11-4165-943D-119E906DC013", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:3.1.4:*:*:*:*:*:*:*", matchCriteriaId: "89F99C5C-C184-4A5C-B8BA-F558C4A38730", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:3.1.4:sp1:*:*:*:*:*:*", matchCriteriaId: "1EAA2BC9-4794-4441-8AA8-3C1B7297FD06", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:3.1.4:sp2:*:*:*:*:*:*", matchCriteriaId: "423E4EEB-3D6F-449E-B623-C8D051E8FA3B", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:3.1.5:*:*:*:*:*:*:*", matchCriteriaId: "87089C0E-2241-46A7-93EE-EC41D52A89C6", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:3.1.5:sp0:*:*:*:*:*:*", matchCriteriaId: "5BD89D61-0B42-4DDE-99F1-71570A37A136", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:4.0:*:*:*:*:*:*:*", matchCriteriaId: "9F0B0D66-9900-4B9A-A892-31B8607DA852", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:5.0:*:*:*:*:*:*:*", matchCriteriaId: "84E2136B-6FE3-4548-A89D-444ED9393C22", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple SQL injection vulnerabilities in Avaya SIP Enablement Services (SES) in Avaya Avaya Communication Manager 3.x, 4.0, and 5.0 (1) allow remote attackers to execute arbitrary SQL commands via unspecified vectors related to profiles in the SIP Personal Information Manager (SPIM) in the web interface; and allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to (2) permissions for SPIM profiles in the web interface and (3) a crafted SIP request to the SIP server.", }, { lang: "es", value: "Múltiples vulnerabilidades de inyección SQL en Avaya SIP Enablement Services (SES) en Avaya Avaya Communication Manager 3.x, 4.0, y 5.0 (1) permite a atacantes remotos ejecutar comandos SQL de su elección a través de vectores no especificados relacionados con perfiles en el SIP Personal Information Manager (SPIM) en la interfaz web; y permite a usuarios remotos autenticados ejecutar comandos SQL de su elección a través de vectores no especificados relacionados a (2) permisos para perfiles SPIM en la interfaz web y (3) una petición SIP manipulada en el servidor SIP.", }, ], id: "CVE-2008-6573", lastModified: "2024-11-21T00:56:53.163", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2009-04-01T22:30:00.187", references: [ { source: "cve@mitre.org", url: "http://osvdb.org/44284", }, { source: "cve@mitre.org", url: "http://osvdb.org/44285", }, { source: "cve@mitre.org", url: "http://osvdb.org/44286", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/29744", }, { source: "cve@mitre.org", url: "http://support.avaya.com/elmodocs2/security/ASA-2008-150.htm", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2008-151.htm", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/28682", }, { source: "cve@mitre.org", url: "http://www.voipshield.com/research-details.php?id=22", }, { source: "cve@mitre.org", url: "http://www.voipshield.com/research-details.php?id=25", }, { source: "cve@mitre.org", url: "http://www.voipshield.com/research-details.php?id=26", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/41730", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/41733", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://osvdb.org/44284", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://osvdb.org/44285", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://osvdb.org/44286", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/29744", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://support.avaya.com/elmodocs2/security/ASA-2008-150.htm", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2008-151.htm", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/28682", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.voipshield.com/research-details.php?id=22", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.voipshield.com/research-details.php?id=25", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.voipshield.com/research-details.php?id=26", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/41730", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/41733", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-89", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2008-07-09 00:41
Modified
2024-11-21 00:47
Severity ?
Summary
The Linux kernel before 2.6.25.10 does not properly perform tty operations, which allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving NULL pointer dereference of function pointers in (1) hamradio/6pack.c, (2) hamradio/mkiss.c, (3) irda/irtty-sir.c, (4) ppp_async.c, (5) ppp_synctty.c, (6) slip.c, (7) wan/x25_asy.c, and (8) wireless/strip.c in drivers/net/.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linux | linux_kernel | * | |
| canonical | ubuntu_linux | 6.06 | |
| canonical | ubuntu_linux | 7.04 | |
| canonical | ubuntu_linux | 7.10 | |
| canonical | ubuntu_linux | 8.04 | |
| novell | linux_desktop | 9 | |
| opensuse | opensuse | 10.3 | |
| opensuse | opensuse | 11.0 | |
| suse | suse_linux_enterprise_desktop | 10 | |
| suse | suse_linux_enterprise_desktop | 10 | |
| suse | suse_linux_enterprise_server | 10 | |
| suse | suse_linux_enterprise_server | 10 | |
| debian | debian_linux | 4.0 | |
| avaya | communication_manager | * | |
| avaya | expanded_meet-me_conferencing | * | |
| avaya | intuity_audix_lx | 2.0 | |
| avaya | meeting_exchange | 5.0 | |
| avaya | message_networking | 3.1 | |
| avaya | messaging_storage_server | 4.0 | |
| avaya | proactive_contact | 4.0 | |
| avaya | sip_enablement_services | - | |
| avaya | sip_enablement_services | 4.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "AFC9ED30-C7E9-498C-8936-4F59CF69C0CE", versionEndExcluding: "2.6.25.10", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*", matchCriteriaId: "5C18C3CD-969B-4AA3-AE3A-BA4A188F8BFF", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*", matchCriteriaId: "6EBDAFF8-DE44-4E80-B6BD-E341F767F501", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*", matchCriteriaId: "823BF8BE-2309-4F67-A5E2-EAD98F723468", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*", matchCriteriaId: "C91D2DBF-6DA7-4BA2-9F29-8BD2725A4701", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:novell:linux_desktop:9:*:*:*:*:*:*:*", matchCriteriaId: "5595E484-647C-4F85-94AB-5A4D55CD766B", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:opensuse:10.3:*:*:*:*:*:*:*", matchCriteriaId: "C35B68DF-1440-4587-8458-9C5F4D1E43F3", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:opensuse:11.0:*:*:*:*:*:*:*", matchCriteriaId: "1B42AB65-443B-4655-BAEA-4EB4A43D9509", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:suse_linux_enterprise_desktop:10:sp1:*:*:*:*:*:*", matchCriteriaId: "44320836-E2DE-4A1C-9820-AFFA087FF7FB", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:suse_linux_enterprise_desktop:10:sp2:*:*:*:*:*:*", matchCriteriaId: "14DF1463-F23F-465F-8A35-D550A7438CB6", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:suse_linux_enterprise_server:10:sp1:*:*:*:*:*:*", matchCriteriaId: "15E235E9-EC31-4F3F-80F7-981C720FF353", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:suse_linux_enterprise_server:10:sp2:*:*:*:*:*:*", matchCriteriaId: "02E6A767-B9A5-4054-BE70-286E0A464248", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*", matchCriteriaId: "0F92AB32-E7DE-43F4-B877-1F41FA162EC7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:avaya:communication_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "73143989-598B-499C-A6EB-53CE5EB1C1D4", versionStartIncluding: "3.1", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:expanded_meet-me_conferencing:*:*:*:*:*:*:*:*", matchCriteriaId: "D49128AC-48BC-4815-8AB8-2689D9D3EB24", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:intuity_audix_lx:2.0:*:*:*:*:*:*:*", matchCriteriaId: "96733234-88DB-45EB-ACFC-1BCA21BC89E8", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:meeting_exchange:5.0:*:*:*:*:*:*:*", matchCriteriaId: "BDC2D26E-86AE-4FA1-8CBF-A775F1B240AF", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:message_networking:3.1:*:*:*:*:*:*:*", matchCriteriaId: "E871348D-8FA1-4C77-BB8E-BECF9CF2FFD9", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:messaging_storage_server:4.0:*:*:*:*:*:*:*", matchCriteriaId: "CB90E377-B821-4508-B1AB-B10F47975E54", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:proactive_contact:4.0:*:*:*:*:*:*:*", matchCriteriaId: "51C4F426-8D57-4DC8-AE52-2AEE80A57BAB", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:sip_enablement_services:-:*:*:*:*:*:*:*", matchCriteriaId: "DB636851-8ED1-463C-BC6C-108E4F08F60F", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:sip_enablement_services:4.0:*:*:*:*:*:*:*", matchCriteriaId: "7BFF25B3-B7C7-479C-8C2A-995E568C3395", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The Linux kernel before 2.6.25.10 does not properly perform tty operations, which allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving NULL pointer dereference of function pointers in (1) hamradio/6pack.c, (2) hamradio/mkiss.c, (3) irda/irtty-sir.c, (4) ppp_async.c, (5) ppp_synctty.c, (6) slip.c, (7) wan/x25_asy.c, and (8) wireless/strip.c in drivers/net/.", }, { lang: "es", value: "El núcleo de Linux anterior a 2.6.25.10, no realiza de forma adecuada las operaciones tty, esto permite a usuarios locales provocar una denegación de servicio (caída del sistema) o posiblemente obtener privilegios mediante vectores que contienen referencias a puntero NULO en los punteros a funciones en (1) hamradio/6pack.c, (2) hamradio/mkiss.c, (3) irda/irtty-sir.c, (4) ppp_async.c, (5) ppp_synctty.c, (6) slip.c, (7) wan/x25_asy.c, y (8) wireless/strip.c en drivers/net/.", }, ], id: "CVE-2008-2812", lastModified: "2024-11-21T00:47:45.920", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2008-07-09T00:41:00.000", references: [ { source: "secalert@redhat.com", url: "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.25.y.git%3Ba=commitdiff%3Bh=2a739dd53ad7ee010ae6e155438507f329dce788", }, { source: "secalert@redhat.com", tags: [ "Broken Link", ], url: "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.10", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00007.html", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00009.html", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00012.html", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00000.html", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00003.html", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00008.html", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html", }, { source: "secalert@redhat.com", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/30982", }, { source: "secalert@redhat.com", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/31048", }, { source: "secalert@redhat.com", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/31202", }, { source: "secalert@redhat.com", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/31229", }, { source: "secalert@redhat.com", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/31341", }, { source: "secalert@redhat.com", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/31551", }, { source: "secalert@redhat.com", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/31614", }, { source: "secalert@redhat.com", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/31685", }, { source: "secalert@redhat.com", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/32103", }, { source: "secalert@redhat.com", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/32370", }, { source: "secalert@redhat.com", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/32759", }, { source: "secalert@redhat.com", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/33201", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2008-365.htm", }, { source: "secalert@redhat.com", tags: [ "Patch", "Third Party Advisory", ], url: "http://www.debian.org/security/2008/dsa-1630", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2008/07/03/2", }, { source: "secalert@redhat.com", tags: [ "Broken Link", ], url: "http://www.redhat.com/support/errata/RHSA-2008-0612.html", }, { source: "secalert@redhat.com", tags: [ "Broken Link", ], url: "http://www.redhat.com/support/errata/RHSA-2008-0665.html", }, { source: "secalert@redhat.com", tags: [ "Broken Link", ], url: "http://www.redhat.com/support/errata/RHSA-2008-0973.html", }, { source: "secalert@redhat.com", tags: [ "Patch", "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/30076", }, { source: "secalert@redhat.com", tags: [ "Broken Link", ], url: "http://www.vupen.com/english/advisories/2008/2063/references", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43687", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11632", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6633", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/637-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.25.y.git%3Ba=commitdiff%3Bh=2a739dd53ad7ee010ae6e155438507f329dce788", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.10", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00007.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00009.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00012.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00000.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00003.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00008.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/30982", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/31048", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/31202", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/31229", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/31341", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/31551", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/31614", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/31685", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/32103", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/32370", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/32759", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/33201", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2008-365.htm", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "http://www.debian.org/security/2008/dsa-1630", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2008/07/03/2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://www.redhat.com/support/errata/RHSA-2008-0612.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://www.redhat.com/support/errata/RHSA-2008-0665.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://www.redhat.com/support/errata/RHSA-2008-0973.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/30076", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://www.vupen.com/english/advisories/2008/2063/references", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43687", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11632", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6633", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/637-1/", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-476", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2009-04-01 22:30
Modified
2024-11-21 00:56
Severity ?
Summary
Unspecified vulnerability in the SIP server in SIP Enablement Services (SES) in Avaya Communication Manager 3.1.x and 4.x allows remote authenticated users to cause a denial of service (resource consumption) via unknown vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| avaya | communication_manager | 3.1 | |
| avaya | communication_manager | 3.1.1 | |
| avaya | communication_manager | 3.1.2 | |
| avaya | communication_manager | 3.1.3 | |
| avaya | communication_manager | 3.1.4 | |
| avaya | communication_manager | 3.1.4 | |
| avaya | communication_manager | 3.1.4 | |
| avaya | communication_manager | 3.1.5 | |
| avaya | communication_manager | 3.1.5 | |
| avaya | communication_manager | 4.0 | |
| avaya | communication_manager | 4.0.1 | |
| avaya | communication_manager | 4.0.1 | |
| avaya | communication_manager | 4.0.1 | |
| avaya | communication_manager | 4.0.3 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:avaya:communication_manager:3.1:*:*:*:*:*:*:*", matchCriteriaId: "88F5C363-3A38-43FC-A06D-73E280AB844B", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:3.1.1:*:*:*:*:*:*:*", matchCriteriaId: "C4030E5D-BC15-481D-A15E-98FAE65130D9", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:3.1.2:*:*:*:*:*:*:*", matchCriteriaId: "F3FC3A86-CE3D-4C12-9E31-7F7280EF9D28", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:3.1.3:*:*:*:*:*:*:*", matchCriteriaId: "BBD119B9-FE11-4165-943D-119E906DC013", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:3.1.4:*:*:*:*:*:*:*", matchCriteriaId: "89F99C5C-C184-4A5C-B8BA-F558C4A38730", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:3.1.4:sp1:*:*:*:*:*:*", matchCriteriaId: "1EAA2BC9-4794-4441-8AA8-3C1B7297FD06", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:3.1.4:sp2:*:*:*:*:*:*", matchCriteriaId: "423E4EEB-3D6F-449E-B623-C8D051E8FA3B", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:3.1.5:*:*:*:*:*:*:*", matchCriteriaId: "87089C0E-2241-46A7-93EE-EC41D52A89C6", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:3.1.5:sp0:*:*:*:*:*:*", matchCriteriaId: "5BD89D61-0B42-4DDE-99F1-71570A37A136", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:4.0:*:*:*:*:*:*:*", matchCriteriaId: "9F0B0D66-9900-4B9A-A892-31B8607DA852", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:4.0.1:*:*:*:*:*:*:*", matchCriteriaId: "D5DE700B-B830-445B-AF08-4AD28EF1BE58", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:4.0.1:sp15215:*:*:*:*:*:*", matchCriteriaId: "522FD345-91ED-4FE2-8069-028C3A2E3974", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:4.0.1:sp15500:*:*:*:*:*:*", matchCriteriaId: "3507CABD-74EE-4A53-9C09-AF38B3F218F0", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:4.0.3:*:*:*:*:*:*:*", matchCriteriaId: "825C1D4E-CD86-4122-84D7-CF1CB4CF8F10", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Unspecified vulnerability in the SIP server in SIP Enablement Services (SES) in Avaya Communication Manager 3.1.x and 4.x allows remote authenticated users to cause a denial of service (resource consumption) via unknown vectors.", }, { lang: "es", value: "Vulnerabilidad no especificada en el servidor SIP en SIP Enablement Services (SES) en Avaya Communication Manager 3.1.x y 4.x permite a usuarios remotos autenticados provocar una denegación de servicio (consumo de recursos) a través de vectores desconocidos.", }, ], id: "CVE-2008-6575", lastModified: "2024-11-21T00:56:53.513", metrics: { cvssMetricV2: [ { acInsufInfo: true, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "COMPLETE", baseScore: 6.8, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:N/I:N/A:C", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2009-04-01T22:30:01.127", references: [ { source: "cve@mitre.org", url: "http://osvdb.org/44287", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/29744", }, { source: "cve@mitre.org", url: "http://www.voipshield.com/research-details.php?id=23", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/41734", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/49849", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://osvdb.org/44287", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/29744", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.voipshield.com/research-details.php?id=23", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/41734", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/49849", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2007-03-16 22:19
Modified
2024-11-21 00:28
Severity ?
Summary
Unspecified maintenance web pages in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allow remote authenticated users to execute arbitrary commands via shell metacharacters in unspecified vectors (aka "shell command injection").
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| avaya | communication_manager | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:avaya:communication_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "83CE646B-36D5-4A66-B4BF-70E026AB8B7A", versionEndIncluding: "3.1.3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Unspecified maintenance web pages in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allow remote authenticated users to execute arbitrary commands via shell metacharacters in unspecified vectors (aka \"shell command injection\").", }, { lang: "es", value: "Páginas web de mantenimiento no especificadas en Avaya S87XX, S8500, y S8300 versiones anteriores a CM 3.1.3, y Avaya SES permite a usuarios remotos autenticados ejecutar comandos de su elección mediante metacaracteres shell en vectores si especificar (también conocido como \"inyección de comando shell\").", }, ], id: "CVE-2007-1490", lastModified: "2024-11-21T00:28:26.533", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: true, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2007-03-16T22:19:00.000", references: [ { source: "cve@mitre.org", url: "http://secunia.com/advisories/24434", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2007-052.htm", }, { source: "cve@mitre.org", url: "http://www.osvdb.org/33300", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/24434", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2007-052.htm", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.osvdb.org/33300", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2008-12-24 18:29
Modified
2024-11-21 00:54
Severity ?
Summary
Multiple unspecified vulnerabilities in the web management interface in Avaya Communication Manager (CM) 3.1.x, 4.0.3, and 5.x allow remote attackers to read (1) configuration files, (2) log files, (3) binary image files, and (4) help files via unknown vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| avaya | communication_manager | 3.1 | |
| avaya | communication_manager | 3.1.1 | |
| avaya | communication_manager | 3.1.2 | |
| avaya | communication_manager | 3.1.3 | |
| avaya | communication_manager | 3.1.4 | |
| avaya | communication_manager | 3.1.4 | |
| avaya | communication_manager | 3.1.4 | |
| avaya | communication_manager | 3.1.5 | |
| avaya | communication_manager | 3.1.5 | |
| avaya | communication_manager | 4.0.3 | |
| avaya | communication_manager | 5.0 | |
| avaya | communication_manager | 5.0 | |
| avaya | communication_manager | 5.0 | |
| avaya | communication_manager | 5.0 | |
| avaya | communication_manager | 5.1 | |
| avaya | communication_manager | 5.1 | |
| avaya | communication_manager | 5.1.1 | |
| avaya | communication_manager | 5.1.1 | |
| avaya | communication_manager | 5.1.2 | |
| avaya | communication_manager | 5.1.2 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:avaya:communication_manager:3.1:*:*:*:*:*:*:*", matchCriteriaId: "88F5C363-3A38-43FC-A06D-73E280AB844B", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:3.1.1:*:*:*:*:*:*:*", matchCriteriaId: "C4030E5D-BC15-481D-A15E-98FAE65130D9", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:3.1.2:*:*:*:*:*:*:*", matchCriteriaId: "F3FC3A86-CE3D-4C12-9E31-7F7280EF9D28", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:3.1.3:*:*:*:*:*:*:*", matchCriteriaId: "BBD119B9-FE11-4165-943D-119E906DC013", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:3.1.4:*:*:*:*:*:*:*", matchCriteriaId: "89F99C5C-C184-4A5C-B8BA-F558C4A38730", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:3.1.4:sp1:*:*:*:*:*:*", matchCriteriaId: "1EAA2BC9-4794-4441-8AA8-3C1B7297FD06", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:3.1.4:sp2:*:*:*:*:*:*", matchCriteriaId: "423E4EEB-3D6F-449E-B623-C8D051E8FA3B", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:3.1.5:*:*:*:*:*:*:*", matchCriteriaId: "87089C0E-2241-46A7-93EE-EC41D52A89C6", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:3.1.5:sp0:*:*:*:*:*:*", matchCriteriaId: "5BD89D61-0B42-4DDE-99F1-71570A37A136", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:4.0.3:*:*:*:*:*:*:*", matchCriteriaId: "825C1D4E-CD86-4122-84D7-CF1CB4CF8F10", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:5.0:*:*:*:*:*:*:*", matchCriteriaId: "84E2136B-6FE3-4548-A89D-444ED9393C22", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:5.0:sp1:*:*:*:*:*:*", matchCriteriaId: "FB4B7CCA-3961-48BC-ABFD-A608B39BD921", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:5.0:sp2:*:*:*:*:*:*", matchCriteriaId: "F9DD5F5B-5F44-422C-B9D9-731B53981BEB", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:5.0:sp3:*:*:*:*:*:*", matchCriteriaId: "AD401628-23D0-4CC0-8D30-B10910533003", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:5.1:*:*:*:*:*:*:*", matchCriteriaId: "0A32A986-3DB3-4CB5-AF52-12D83C4A6B95", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:5.1:sp1:*:*:*:*:*:*", matchCriteriaId: "223037D6-1345-4705-BB88-E814211D666D", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:5.1.1:*:*:*:*:*:*:*", matchCriteriaId: "4ED0CFA4-C45E-465B-9F45-EB0742305CBC", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:5.1.1:sp1:*:*:*:*:*:*", matchCriteriaId: "22364E59-5248-43E3-8B6A-E646188F69E3", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:5.1.2:*:*:*:*:*:*:*", matchCriteriaId: "120EA1E2-EEF0-4FF6-960D-34FF9E88F2F3", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:5.1.2:sp0:*:*:*:*:*:*", matchCriteriaId: "ED8A8551-7374-4A21-B141-10BE4CEF222F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple unspecified vulnerabilities in the web management interface in Avaya Communication Manager (CM) 3.1.x, 4.0.3, and 5.x allow remote attackers to read (1) configuration files, (2) log files, (3) binary image files, and (4) help files via unknown vectors.", }, { lang: "es", value: "Múltiples vulnerabilidades sin especificar en la interfaz de gestión web en Avaya Communication Manager (CM) 3.1.x, 4.0.3 y 5.x permite a atacantes remotos leer (1) archivos de configuración, (2) archivos de log, (3) archivos binarios de imagen y (4) archivos de ayuda mediante vectores desconocidos.", }, ], id: "CVE-2008-5710", lastModified: "2024-11-21T00:54:42.553", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2008-12-24T18:29:15.813", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/32035", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2008-394.htm", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/31639", }, { source: "cve@mitre.org", url: "http://www.voipshield.com/research-details.php?id=123", }, { source: "cve@mitre.org", url: "http://www.vupen.com/english/advisories/2008/2774", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/45750", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/32035", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2008-394.htm", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/31639", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.voipshield.com/research-details.php?id=123", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2008/2774", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/45750", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-16", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2009-04-10 22:00
Modified
2024-11-21 00:57
Severity ?
Summary
Unspecified vulnerability in the Web administration interface in Avaya Communication Manager 3.1.x before CM 3.1.4 SP2 and 4.0.x before 4.0.3 SP1 allows remote authenticated administrators to gain root privileges via unknown vectors related to "configuring data viewing or restoring credentials."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| avaya | communication_manager | 3.1 | |
| avaya | communication_manager | 3.1.1 | |
| avaya | communication_manager | 3.1.2 | |
| avaya | communication_manager | 3.1.3 | |
| avaya | communication_manager | 4.0 | |
| avaya | communication_manager | 4.0.1 | |
| avaya | communication_manager | 4.0.1 | |
| avaya | communication_manager | 4.0.1 | |
| avaya | communication_manager | 4.0.2 | |
| avaya | communication_manager | 4.0.2 | |
| avaya | communication_manager | 4.0.3 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:avaya:communication_manager:3.1:*:*:*:*:*:*:*", matchCriteriaId: "88F5C363-3A38-43FC-A06D-73E280AB844B", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:3.1.1:*:*:*:*:*:*:*", matchCriteriaId: "C4030E5D-BC15-481D-A15E-98FAE65130D9", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:3.1.2:*:*:*:*:*:*:*", matchCriteriaId: "F3FC3A86-CE3D-4C12-9E31-7F7280EF9D28", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:3.1.3:*:*:*:*:*:*:*", matchCriteriaId: "BBD119B9-FE11-4165-943D-119E906DC013", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:4.0:*:*:*:*:*:*:*", matchCriteriaId: "9F0B0D66-9900-4B9A-A892-31B8607DA852", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:4.0.1:*:*:*:*:*:*:*", matchCriteriaId: "D5DE700B-B830-445B-AF08-4AD28EF1BE58", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:4.0.1:sp15215:*:*:*:*:*:*", matchCriteriaId: "522FD345-91ED-4FE2-8069-028C3A2E3974", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:4.0.1:sp15500:*:*:*:*:*:*", matchCriteriaId: "3507CABD-74EE-4A53-9C09-AF38B3F218F0", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:4.0.2:*:*:*:*:*:*:*", matchCriteriaId: "78F06597-F0EB-4753-BFFF-62A21EE230DE", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:4.0.2:sp1:*:*:*:*:*:*", matchCriteriaId: "D14829C8-3C05-426D-835B-355E4240B8EB", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:4.0.3:*:*:*:*:*:*:*", matchCriteriaId: "825C1D4E-CD86-4122-84D7-CF1CB4CF8F10", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Unspecified vulnerability in the Web administration interface in Avaya Communication Manager 3.1.x before CM 3.1.4 SP2 and 4.0.x before 4.0.3 SP1 allows remote authenticated administrators to gain root privileges via unknown vectors related to \"configuring data viewing or restoring credentials.\"", }, { lang: "es", value: "Vulnerabilidad no especificada en el interfase de administración web de Avaya Communication Manager v3.1.x anteriores a CM v3.1.4 SP2 y v4.0.x anteriores a v4.0.3 SP1 permite a administradores remotos autentificados, obtener privilegios de root a través de vectores no específicos, relativos a \"viendo datos de configuración o restaurando credenciales\".", }, ], id: "CVE-2008-6710", lastModified: "2024-11-21T00:57:16.363", metrics: { cvssMetricV2: [ { acInsufInfo: true, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "COMPLETE", baseScore: 9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8, impactScore: 10, obtainAllPrivilege: true, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2009-04-10T22:00:00.733", references: [ { source: "cve@mitre.org", url: "http://secunia.com/advisories/30799", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2008-270.htm", }, { source: "cve@mitre.org", url: "http://www.osvdb.org/46582", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/29939", }, { source: "cve@mitre.org", url: "http://www.voipshield.com/research-details.php?id=79", }, { source: "cve@mitre.org", url: "http://www.vupen.com/english/advisories/2008/1944/references", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43386", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/30799", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2008-270.htm", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.osvdb.org/46582", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/29939", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.voipshield.com/research-details.php?id=79", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2008/1944/references", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43386", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2008-08-25 21:41
Modified
2024-11-21 00:50
Severity ?
Summary
The SIP Enablement Services (SES) Server in Avaya SIP Enablement Services 5.0, and Communication Manager (CM) 5.0 on the S8300C with SES enabled, writes account names and passwords to the (1) alarm and (2) system logs during failed login attempts, which allows local users to obtain login credentials by reading these logs.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| avaya | sip_enablement_services | 5.0 | |
| avaya | s8300c_server | * | |
| avaya | communication_manager | 5.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:avaya:sip_enablement_services:5.0:*:*:*:*:*:*:*", matchCriteriaId: "03BEFE21-9FAA-4DA0-9C75-A70C12A88123", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:h:avaya:s8300c_server:*:*:*:*:*:*:*:*", matchCriteriaId: "8030330C-BC31-485A-A93C-AEA910D4042C", vulnerable: false, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:a:avaya:communication_manager:5.0:*:*:*:*:*:*:*", matchCriteriaId: "84E2136B-6FE3-4548-A89D-444ED9393C22", vulnerable: true, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "The SIP Enablement Services (SES) Server in Avaya SIP Enablement Services 5.0, and Communication Manager (CM) 5.0 on the S8300C with SES enabled, writes account names and passwords to the (1) alarm and (2) system logs during failed login attempts, which allows local users to obtain login credentials by reading these logs.", }, { lang: "es", value: "SIP Enablement Services (SES) Server en Avaya SIP Enablement Services 5.0 y Communication Manager (CM) 5.0 en el S8300C con SES activado, escribe los nombres y contraseñas de cuenta en los logs (1) alarm y (2) system, durante los intentos fallidos de login, lo que permite a usuarios locales obtener credenciales leyendo estos logs.", }, ], id: "CVE-2008-3777", lastModified: "2024-11-21T00:50:06.407", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.1, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2008-08-25T21:41:00.000", references: [ { source: "cve@mitre.org", url: "http://support.avaya.com/elmodocs2/security/ASA-2008-347.htm", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/30758", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/44586", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://support.avaya.com/elmodocs2/security/ASA-2008-347.htm", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/30758", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/44586", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2009-04-10 22:00
Modified
2024-11-21 00:57
Severity ?
Summary
The Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, does not perform authentication for certain functionality, which allows remote attackers to obtain sensitive information and access restricted functionality via (1) the certificate installation utility, (2) unspecified scripts in the objects folder, (3) an "unnecessary default application," (4) unspecified scripts in the states folder, (5) an unspecified "default application" that lists server configuration, and (6) "full system help."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| avaya | sip_enablement_services | 3.0 | |
| avaya | sip_enablement_services | 3.1 | |
| avaya | sip_enablement_services | 3.1.1 | |
| avaya | sip_enablement_services | 4.0 | |
| avaya | communication_manager | 3.1 | |
| avaya | communication_manager | 3.1.1 | |
| avaya | communication_manager | 3.1.2 | |
| avaya | communication_manager | 3.1.3 | |
| avaya | communication_manager | 3.1.4 | |
| avaya | communication_manager | 3.1.4 | |
| avaya | communication_manager | 3.1.4 | |
| avaya | communication_manager | 3.1.5 | |
| avaya | communication_manager | 3.1.5 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:avaya:sip_enablement_services:3.0:*:*:*:*:*:*:*", matchCriteriaId: "F8D4881F-650A-4FA1-B604-70EBBED41AE7", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:sip_enablement_services:3.1:*:*:*:*:*:*:*", matchCriteriaId: "F9EB9ECB-9ABF-40ED-9116-D3FE9FC73B38", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:sip_enablement_services:3.1.1:*:*:*:*:*:*:*", matchCriteriaId: "43F41650-7E55-436A-9935-8CE88B428680", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:sip_enablement_services:4.0:*:*:*:*:*:*:*", matchCriteriaId: "7BFF25B3-B7C7-479C-8C2A-995E568C3395", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:a:avaya:communication_manager:3.1:*:*:*:*:*:*:*", matchCriteriaId: "88F5C363-3A38-43FC-A06D-73E280AB844B", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:3.1.1:*:*:*:*:*:*:*", matchCriteriaId: "C4030E5D-BC15-481D-A15E-98FAE65130D9", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:3.1.2:*:*:*:*:*:*:*", matchCriteriaId: "F3FC3A86-CE3D-4C12-9E31-7F7280EF9D28", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:3.1.3:*:*:*:*:*:*:*", matchCriteriaId: "BBD119B9-FE11-4165-943D-119E906DC013", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:3.1.4:*:*:*:*:*:*:*", matchCriteriaId: "89F99C5C-C184-4A5C-B8BA-F558C4A38730", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:3.1.4:sp1:*:*:*:*:*:*", matchCriteriaId: "1EAA2BC9-4794-4441-8AA8-3C1B7297FD06", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:3.1.4:sp2:*:*:*:*:*:*", matchCriteriaId: "423E4EEB-3D6F-449E-B623-C8D051E8FA3B", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:3.1.5:*:*:*:*:*:*:*", matchCriteriaId: "87089C0E-2241-46A7-93EE-EC41D52A89C6", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:3.1.5:sp0:*:*:*:*:*:*", matchCriteriaId: "5BD89D61-0B42-4DDE-99F1-71570A37A136", vulnerable: true, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "The Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, does not perform authentication for certain functionality, which allows remote attackers to obtain sensitive information and access restricted functionality via (1) the certificate installation utility, (2) unspecified scripts in the objects folder, (3) an \"unnecessary default application,\" (4) unspecified scripts in the states folder, (5) an unspecified \"default application\" that lists server configuration, and (6) \"full system help.\"", }, { lang: "es", value: "El interfase de administración web de Avaya SIP Enablement Services (SES) v3.x y v4.0, como las usadas en Avaya Communication Manager v3.1.x no realiza autentificación para ciertas tareas, lo que permite a atacantes remotos obtener información sensible y acceso a funcionalidades restringidas a través de (1) la utilidad de instalación de certificados, (2) secuencias de comandos no específicas en el directorio de objetos, (3) una \"aplicación por defecto no necesaria\", (4) secuencias de código no específicas en el directorio \"States\",(5) una \"aplicación por defecto\" no específica que lista la configuración del servidor, y (6) \"ayuda del sistema completa\".", }, ], id: "CVE-2008-6707", lastModified: "2024-11-21T00:57:15.847", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 6.4, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2009-04-10T22:00:00.670", references: [ { source: "cve@mitre.org", url: "http://osvdb.org/46598", }, { source: "cve@mitre.org", url: "http://osvdb.org/46599", }, { source: "cve@mitre.org", url: "http://osvdb.org/46600", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/30751", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/29939", }, { source: "cve@mitre.org", url: "http://www.voipshield.com/research-details.php?id=86", }, { source: "cve@mitre.org", url: "http://www.voipshield.com/research-details.php?id=87", }, { source: "cve@mitre.org", url: "http://www.voipshield.com/research-details.php?id=88", }, { source: "cve@mitre.org", url: "http://www.voipshield.com/research-details.php?id=89", }, { source: "cve@mitre.org", url: "http://www.voipshield.com/research-details.php?id=90", }, { source: "cve@mitre.org", url: "http://www.voipshield.com/research-details.php?id=91", }, { source: "cve@mitre.org", url: "http://www.vupen.com/english/advisories/2008/1943/references", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43381", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43384", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43389", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43393", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43394", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43395", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://osvdb.org/46598", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://osvdb.org/46599", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://osvdb.org/46600", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/30751", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/29939", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.voipshield.com/research-details.php?id=86", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.voipshield.com/research-details.php?id=87", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.voipshield.com/research-details.php?id=88", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.voipshield.com/research-details.php?id=89", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.voipshield.com/research-details.php?id=90", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.voipshield.com/research-details.php?id=91", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2008/1943/references", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43381", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43384", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43389", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43393", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43394", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43395", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-287", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2009-04-10 22:00
Modified
2024-11-21 00:57
Severity ?
Summary
Multiple unspecified vulnerabilities in the Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, allow remote attackers to obtain (1) application server configuration, (2) database server configuration including encrypted passwords, (3) a system utility that decrypts "subscriber table passwords," (4) a system utility that decrypts database passwords, and (5) a system utility that encrypts "subscriber table passwords."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| avaya | sip_enablement_services | 3.0 | |
| avaya | sip_enablement_services | 3.1 | |
| avaya | sip_enablement_services | 3.1.1 | |
| avaya | sip_enablement_services | 4.0 | |
| avaya | communication_manager | 3.1 | |
| avaya | communication_manager | 3.1.1 | |
| avaya | communication_manager | 3.1.2 | |
| avaya | communication_manager | 3.1.3 | |
| avaya | communication_manager | 3.1.4 | |
| avaya | communication_manager | 3.1.4 | |
| avaya | communication_manager | 3.1.4 | |
| avaya | communication_manager | 3.1.5 | |
| avaya | communication_manager | 3.1.5 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:avaya:sip_enablement_services:3.0:*:*:*:*:*:*:*", matchCriteriaId: "F8D4881F-650A-4FA1-B604-70EBBED41AE7", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:sip_enablement_services:3.1:*:*:*:*:*:*:*", matchCriteriaId: "F9EB9ECB-9ABF-40ED-9116-D3FE9FC73B38", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:sip_enablement_services:3.1.1:*:*:*:*:*:*:*", matchCriteriaId: "43F41650-7E55-436A-9935-8CE88B428680", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:sip_enablement_services:4.0:*:*:*:*:*:*:*", matchCriteriaId: "7BFF25B3-B7C7-479C-8C2A-995E568C3395", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:a:avaya:communication_manager:3.1:*:*:*:*:*:*:*", matchCriteriaId: "88F5C363-3A38-43FC-A06D-73E280AB844B", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:3.1.1:*:*:*:*:*:*:*", matchCriteriaId: "C4030E5D-BC15-481D-A15E-98FAE65130D9", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:3.1.2:*:*:*:*:*:*:*", matchCriteriaId: "F3FC3A86-CE3D-4C12-9E31-7F7280EF9D28", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:3.1.3:*:*:*:*:*:*:*", matchCriteriaId: "BBD119B9-FE11-4165-943D-119E906DC013", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:3.1.4:*:*:*:*:*:*:*", matchCriteriaId: "89F99C5C-C184-4A5C-B8BA-F558C4A38730", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:3.1.4:sp1:*:*:*:*:*:*", matchCriteriaId: "1EAA2BC9-4794-4441-8AA8-3C1B7297FD06", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:3.1.4:sp2:*:*:*:*:*:*", matchCriteriaId: "423E4EEB-3D6F-449E-B623-C8D051E8FA3B", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:3.1.5:*:*:*:*:*:*:*", matchCriteriaId: "87089C0E-2241-46A7-93EE-EC41D52A89C6", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:3.1.5:sp0:*:*:*:*:*:*", matchCriteriaId: "5BD89D61-0B42-4DDE-99F1-71570A37A136", vulnerable: true, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple unspecified vulnerabilities in the Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, allow remote attackers to obtain (1) application server configuration, (2) database server configuration including encrypted passwords, (3) a system utility that decrypts \"subscriber table passwords,\" (4) a system utility that decrypts database passwords, and (5) a system utility that encrypts \"subscriber table passwords.\"", }, { lang: "es", value: "Múltiples vulnerabilidades no especificadas en el interfase de gestión web en Avaya SIP Enablement Services (SES) v3.x y v4.0, como los usados en Avaya Communicatión Manager v3.1.x, permite a atacantes remotos conseguir (1)configuración de la aplicación del servidor, (2) configuración del servidor de bases de datos, incluidas claves cifradas, (3) utilidad del sistema que desencripta \"claves de tablas de suscriptor\", (4) utilidad del sistema que desencripta las claves de la base de datos, y (5) una utilidad del sistema que encripta \"claves de tablas de suscriptor\".", }, ], id: "CVE-2008-6706", lastModified: "2024-11-21T00:57:15.670", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 7.8, confidentialityImpact: "COMPLETE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:C/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2009-04-10T22:00:00.640", references: [ { source: "cve@mitre.org", url: "http://osvdb.org/46602", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/30751", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/29939", }, { source: "cve@mitre.org", url: "http://www.voipshield.com/research-details.php?id=81", }, { source: "cve@mitre.org", url: "http://www.voipshield.com/research-details.php?id=82", }, { source: "cve@mitre.org", url: "http://www.voipshield.com/research-details.php?id=83", }, { source: "cve@mitre.org", url: "http://www.voipshield.com/research-details.php?id=84", }, { source: "cve@mitre.org", url: "http://www.voipshield.com/research-details.php?id=85", }, { source: "cve@mitre.org", url: "http://www.vupen.com/english/advisories/2008/1943/references", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43382", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43383", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43387", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43388", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://osvdb.org/46602", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/30751", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/29939", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.voipshield.com/research-details.php?id=81", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.voipshield.com/research-details.php?id=82", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.voipshield.com/research-details.php?id=83", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.voipshield.com/research-details.php?id=84", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.voipshield.com/research-details.php?id=85", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2008/1943/references", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43382", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43383", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43387", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43388", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2008-12-24 18:29
Modified
2024-11-21 00:54
Severity ?
Summary
Multiple unspecified vulnerabilities in the web management interface in Avaya Communication Manager (CM) 3.1 before 3.1.4 SP2, 4.0 before 4.0.3 SP1, and 5.0 before 5.0 SP3 allow remote authenticated users to execute arbitrary code via unknown attack vectors in the (1) Set Static Routes and (2) Backup History components.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| avaya | communication_manager | 3.1.1 | |
| avaya | communication_manager | 3.1.2 | |
| avaya | communication_manager | 3.1.3 | |
| avaya | communication_manager | 3.1.4 | |
| avaya | communication_manager | 4.0 | |
| avaya | communication_manager | 4.0.1 | |
| avaya | communication_manager | 4.0.1 | |
| avaya | communication_manager | 4.0.1 | |
| avaya | communication_manager | 4.0.3 | |
| avaya | communication_manager | 5.0 | |
| avaya | communication_manager | 5.0 | |
| avaya | communication_manager | 5.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:avaya:communication_manager:3.1.1:*:*:*:*:*:*:*", matchCriteriaId: "C4030E5D-BC15-481D-A15E-98FAE65130D9", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:3.1.2:*:*:*:*:*:*:*", matchCriteriaId: "F3FC3A86-CE3D-4C12-9E31-7F7280EF9D28", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:3.1.3:*:*:*:*:*:*:*", matchCriteriaId: "BBD119B9-FE11-4165-943D-119E906DC013", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:3.1.4:sp1:*:*:*:*:*:*", matchCriteriaId: "1EAA2BC9-4794-4441-8AA8-3C1B7297FD06", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:4.0:*:*:*:*:*:*:*", matchCriteriaId: "9F0B0D66-9900-4B9A-A892-31B8607DA852", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:4.0.1:*:*:*:*:*:*:*", matchCriteriaId: "D5DE700B-B830-445B-AF08-4AD28EF1BE58", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:4.0.1:sp15215:*:*:*:*:*:*", matchCriteriaId: "522FD345-91ED-4FE2-8069-028C3A2E3974", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:4.0.1:sp15500:*:*:*:*:*:*", matchCriteriaId: "3507CABD-74EE-4A53-9C09-AF38B3F218F0", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:4.0.3:*:*:*:*:*:*:*", matchCriteriaId: "825C1D4E-CD86-4122-84D7-CF1CB4CF8F10", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:5.0:*:*:*:*:*:*:*", matchCriteriaId: "84E2136B-6FE3-4548-A89D-444ED9393C22", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:5.0:sp1:*:*:*:*:*:*", matchCriteriaId: "FB4B7CCA-3961-48BC-ABFD-A608B39BD921", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:5.0:sp2:*:*:*:*:*:*", matchCriteriaId: "F9DD5F5B-5F44-422C-B9D9-731B53981BEB", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple unspecified vulnerabilities in the web management interface in Avaya Communication Manager (CM) 3.1 before 3.1.4 SP2, 4.0 before 4.0.3 SP1, and 5.0 before 5.0 SP3 allow remote authenticated users to execute arbitrary code via unknown attack vectors in the (1) Set Static Routes and (2) Backup History components.", }, { lang: "es", value: "Múltiples vulnerabilidades sin especificar en la interfaz de gestión web en Avaya Communication Manager (CM) 3.1 antes de 3.1.4 SP2, 4.0 antes de 4.0.3 SP1 y 5.0 antes de 5.0 SP3 permite a usuarios remotamente autentificados ejecutar código de su elección mediante vectores de ataque desconocidos en los componentes (1) Set Static Routes y (2) Backup History.", }, ], id: "CVE-2008-5709", lastModified: "2024-11-21T00:54:42.390", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "COMPLETE", baseScore: 9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8, impactScore: 10, obtainAllPrivilege: true, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2008-12-24T18:29:15.780", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/32204", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2008-391.htm", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/31645", }, { source: "cve@mitre.org", url: "http://www.voipshield.com/research-details.php?id=121", }, { source: "cve@mitre.org", url: "http://www.voipshield.com/research-details.php?id=122", }, { source: "cve@mitre.org", url: "http://www.vupen.com/english/advisories/2008/2772", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/45747", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/45749", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/32204", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2008-391.htm", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/31645", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.voipshield.com/research-details.php?id=121", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.voipshield.com/research-details.php?id=122", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2008/2772", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/45747", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/45749", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
cve-2008-3778
Vulnerability from cvelistv5
Published
2008-08-25 21:00
Modified
2024-08-07 09:52
Severity ?
EPSS score ?
Summary
The remote management interface in SIP Enablement Services (SES) Server in Avaya SIP Enablement Services 5.0, and Communication Manager (CM) 5.0 on the S8300C with SES enabled, proceeds with Core router updates even when a login is invalid, which allows remote attackers to cause a denial of service (messaging outage) or gain privileges via an update request.
References
| ▼ | URL | Tags |
|---|---|---|
| http://support.avaya.com/elmodocs2/security/ASA-2008-347.htm | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/44585 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/30758 | vdb-entry, x_refsource_BID |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T09:52:59.274Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2008-347.htm", }, { name: "avaya-ses-servers-security-bypass(44585)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/44585", }, { name: "30758", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/30758", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2008-08-19T00:00:00", descriptions: [ { lang: "en", value: "The remote management interface in SIP Enablement Services (SES) Server in Avaya SIP Enablement Services 5.0, and Communication Manager (CM) 5.0 on the S8300C with SES enabled, proceeds with Core router updates even when a login is invalid, which allows remote attackers to cause a denial of service (messaging outage) or gain privileges via an update request.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-08-07T12:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2008-347.htm", }, { name: "avaya-ses-servers-security-bypass(44585)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/44585", }, { name: "30758", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/30758", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2008-3778", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The remote management interface in SIP Enablement Services (SES) Server in Avaya SIP Enablement Services 5.0, and Communication Manager (CM) 5.0 on the S8300C with SES enabled, proceeds with Core router updates even when a login is invalid, which allows remote attackers to cause a denial of service (messaging outage) or gain privileges via an update request.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://support.avaya.com/elmodocs2/security/ASA-2008-347.htm", refsource: "CONFIRM", url: "http://support.avaya.com/elmodocs2/security/ASA-2008-347.htm", }, { name: "avaya-ses-servers-security-bypass(44585)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/44585", }, { name: "30758", refsource: "BID", url: "http://www.securityfocus.com/bid/30758", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2008-3778", datePublished: "2008-08-25T21:00:00", dateReserved: "2008-08-25T00:00:00", dateUpdated: "2024-08-07T09:52:59.274Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2008-6707
Vulnerability from cvelistv5
Published
2009-04-10 15:00
Modified
2024-08-07 11:42
Severity ?
EPSS score ?
Summary
The Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, does not perform authentication for certain functionality, which allows remote attackers to obtain sensitive information and access restricted functionality via (1) the certificate installation utility, (2) unspecified scripts in the objects folder, (3) an "unnecessary default application," (4) unspecified scripts in the states folder, (5) an unspecified "default application" that lists server configuration, and (6) "full system help."
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T11:42:00.366Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "ADV-2008-1943", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2008/1943/references", }, { name: "30751", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/30751", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.voipshield.com/research-details.php?id=86", }, { name: "avaya-ses-certificate-info-disclosure(43384)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43384", }, { name: "46598", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://osvdb.org/46598", }, { name: "avaya-ses-statesfolder-code-execution(43393)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43393", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.voipshield.com/research-details.php?id=88", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.voipshield.com/research-details.php?id=90", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.voipshield.com/research-details.php?id=87", }, { name: "avaya-ses-objectsfolder-code-execution(43381)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43381", }, { name: "29939", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/29939", }, { name: "46599", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://osvdb.org/46599", }, { name: "46600", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://osvdb.org/46600", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.voipshield.com/research-details.php?id=91", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.voipshield.com/research-details.php?id=89", }, { name: "avaya-ses-application-info-disclosure(43394)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43394", }, { name: "avaya-ses-help-information-disclosure(43395)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43395", }, { name: "avaya-ses-application-unauth-access(43389)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43389", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2008-06-25T00:00:00", descriptions: [ { lang: "en", value: "The Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, does not perform authentication for certain functionality, which allows remote attackers to obtain sensitive information and access restricted functionality via (1) the certificate installation utility, (2) unspecified scripts in the objects folder, (3) an \"unnecessary default application,\" (4) unspecified scripts in the states folder, (5) an unspecified \"default application\" that lists server configuration, and (6) \"full system help.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-08-16T14:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "ADV-2008-1943", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2008/1943/references", }, { name: "30751", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/30751", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm", }, { tags: [ "x_refsource_MISC", ], url: "http://www.voipshield.com/research-details.php?id=86", }, { name: "avaya-ses-certificate-info-disclosure(43384)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43384", }, { name: "46598", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://osvdb.org/46598", }, { name: "avaya-ses-statesfolder-code-execution(43393)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43393", }, { tags: [ "x_refsource_MISC", ], url: "http://www.voipshield.com/research-details.php?id=88", }, { tags: [ "x_refsource_MISC", ], url: "http://www.voipshield.com/research-details.php?id=90", }, { tags: [ "x_refsource_MISC", ], url: "http://www.voipshield.com/research-details.php?id=87", }, { name: "avaya-ses-objectsfolder-code-execution(43381)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43381", }, { name: "29939", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/29939", }, { name: "46599", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://osvdb.org/46599", }, { name: "46600", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://osvdb.org/46600", }, { tags: [ "x_refsource_MISC", ], url: "http://www.voipshield.com/research-details.php?id=91", }, { tags: [ "x_refsource_MISC", ], url: "http://www.voipshield.com/research-details.php?id=89", }, { name: "avaya-ses-application-info-disclosure(43394)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43394", }, { name: "avaya-ses-help-information-disclosure(43395)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43395", }, { name: "avaya-ses-application-unauth-access(43389)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43389", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2008-6707", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, does not perform authentication for certain functionality, which allows remote attackers to obtain sensitive information and access restricted functionality via (1) the certificate installation utility, (2) unspecified scripts in the objects folder, (3) an \"unnecessary default application,\" (4) unspecified scripts in the states folder, (5) an unspecified \"default application\" that lists server configuration, and (6) \"full system help.\"", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "ADV-2008-1943", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2008/1943/references", }, { name: "30751", refsource: "SECUNIA", url: "http://secunia.com/advisories/30751", }, { name: "http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm", refsource: "CONFIRM", url: "http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm", }, { name: "http://www.voipshield.com/research-details.php?id=86", refsource: "MISC", url: "http://www.voipshield.com/research-details.php?id=86", }, { name: "avaya-ses-certificate-info-disclosure(43384)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43384", }, { name: "46598", refsource: "OSVDB", url: "http://osvdb.org/46598", }, { name: "avaya-ses-statesfolder-code-execution(43393)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43393", }, { name: "http://www.voipshield.com/research-details.php?id=88", refsource: "MISC", url: "http://www.voipshield.com/research-details.php?id=88", }, { name: "http://www.voipshield.com/research-details.php?id=90", refsource: "MISC", url: "http://www.voipshield.com/research-details.php?id=90", }, { name: "http://www.voipshield.com/research-details.php?id=87", refsource: "MISC", url: "http://www.voipshield.com/research-details.php?id=87", }, { name: "avaya-ses-objectsfolder-code-execution(43381)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43381", }, { name: "29939", refsource: "BID", url: "http://www.securityfocus.com/bid/29939", }, { name: "46599", refsource: "OSVDB", url: "http://osvdb.org/46599", }, { name: "46600", refsource: "OSVDB", url: "http://osvdb.org/46600", }, { name: "http://www.voipshield.com/research-details.php?id=91", refsource: "MISC", url: "http://www.voipshield.com/research-details.php?id=91", }, { name: "http://www.voipshield.com/research-details.php?id=89", refsource: "MISC", url: "http://www.voipshield.com/research-details.php?id=89", }, { name: "avaya-ses-application-info-disclosure(43394)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43394", }, { name: "avaya-ses-help-information-disclosure(43395)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43395", }, { name: "avaya-ses-application-unauth-access(43389)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43389", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2008-6707", datePublished: "2009-04-10T15:00:00", dateReserved: "2009-04-10T00:00:00", dateUpdated: "2024-08-07T11:42:00.366Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2008-6706
Vulnerability from cvelistv5
Published
2009-04-10 15:00
Modified
2024-08-07 11:41
Severity ?
EPSS score ?
Summary
Multiple unspecified vulnerabilities in the Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, allow remote attackers to obtain (1) application server configuration, (2) database server configuration including encrypted passwords, (3) a system utility that decrypts "subscriber table passwords," (4) a system utility that decrypts database passwords, and (5) a system utility that encrypts "subscriber table passwords."
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T11:41:59.544Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "ADV-2008-1943", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2008/1943/references", }, { name: "30751", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/30751", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm", }, { name: "avaya-ses-tablepasswords-info-disclosure(43382)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43382", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.voipshield.com/research-details.php?id=81", }, { name: "avaya-ses-databaseserver-info-disclosure(43388)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43388", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.voipshield.com/research-details.php?id=83", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.voipshield.com/research-details.php?id=82", }, { name: "46602", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://osvdb.org/46602", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.voipshield.com/research-details.php?id=85", }, { name: "avaya-ses-databasepassword-info-disclosure(43387)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43387", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.voipshield.com/research-details.php?id=84", }, { name: "29939", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/29939", }, { name: "avaya-ses-passwordencryption-info-disclosure(43383)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43383", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2008-06-25T00:00:00", descriptions: [ { lang: "en", value: "Multiple unspecified vulnerabilities in the Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, allow remote attackers to obtain (1) application server configuration, (2) database server configuration including encrypted passwords, (3) a system utility that decrypts \"subscriber table passwords,\" (4) a system utility that decrypts database passwords, and (5) a system utility that encrypts \"subscriber table passwords.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-08-16T14:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "ADV-2008-1943", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2008/1943/references", }, { name: "30751", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/30751", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm", }, { name: "avaya-ses-tablepasswords-info-disclosure(43382)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43382", }, { tags: [ "x_refsource_MISC", ], url: "http://www.voipshield.com/research-details.php?id=81", }, { name: "avaya-ses-databaseserver-info-disclosure(43388)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43388", }, { tags: [ "x_refsource_MISC", ], url: "http://www.voipshield.com/research-details.php?id=83", }, { tags: [ "x_refsource_MISC", ], url: "http://www.voipshield.com/research-details.php?id=82", }, { name: "46602", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://osvdb.org/46602", }, { tags: [ "x_refsource_MISC", ], url: "http://www.voipshield.com/research-details.php?id=85", }, { name: "avaya-ses-databasepassword-info-disclosure(43387)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43387", }, { tags: [ "x_refsource_MISC", ], url: "http://www.voipshield.com/research-details.php?id=84", }, { name: "29939", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/29939", }, { name: "avaya-ses-passwordencryption-info-disclosure(43383)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43383", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2008-6706", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple unspecified vulnerabilities in the Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, allow remote attackers to obtain (1) application server configuration, (2) database server configuration including encrypted passwords, (3) a system utility that decrypts \"subscriber table passwords,\" (4) a system utility that decrypts database passwords, and (5) a system utility that encrypts \"subscriber table passwords.\"", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "ADV-2008-1943", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2008/1943/references", }, { name: "30751", refsource: "SECUNIA", url: "http://secunia.com/advisories/30751", }, { name: "http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm", refsource: "CONFIRM", url: "http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm", }, { name: "avaya-ses-tablepasswords-info-disclosure(43382)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43382", }, { name: "http://www.voipshield.com/research-details.php?id=81", refsource: "MISC", url: "http://www.voipshield.com/research-details.php?id=81", }, { name: "avaya-ses-databaseserver-info-disclosure(43388)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43388", }, { name: "http://www.voipshield.com/research-details.php?id=83", refsource: "MISC", url: "http://www.voipshield.com/research-details.php?id=83", }, { name: "http://www.voipshield.com/research-details.php?id=82", refsource: "MISC", url: "http://www.voipshield.com/research-details.php?id=82", }, { name: "46602", refsource: "OSVDB", url: "http://osvdb.org/46602", }, { name: "http://www.voipshield.com/research-details.php?id=85", refsource: "MISC", url: "http://www.voipshield.com/research-details.php?id=85", }, { name: "avaya-ses-databasepassword-info-disclosure(43387)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43387", }, { name: "http://www.voipshield.com/research-details.php?id=84", refsource: "MISC", url: "http://www.voipshield.com/research-details.php?id=84", }, { name: "29939", refsource: "BID", url: "http://www.securityfocus.com/bid/29939", }, { name: "avaya-ses-passwordencryption-info-disclosure(43383)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43383", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2008-6706", datePublished: "2009-04-10T15:00:00", dateReserved: "2009-04-10T00:00:00", dateUpdated: "2024-08-07T11:41:59.544Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2007-1490
Vulnerability from cvelistv5
Published
2007-03-16 22:00
Modified
2024-08-07 12:59
Severity ?
EPSS score ?
Summary
Unspecified maintenance web pages in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allow remote authenticated users to execute arbitrary commands via shell metacharacters in unspecified vectors (aka "shell command injection").
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/24434 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.osvdb.org/33300 | vdb-entry, x_refsource_OSVDB | |
| http://support.avaya.com/elmodocs2/security/ASA-2007-052.htm | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T12:59:08.559Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "24434", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/24434", }, { name: "33300", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://www.osvdb.org/33300", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2007-052.htm", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2007-03-06T00:00:00", descriptions: [ { lang: "en", value: "Unspecified maintenance web pages in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allow remote authenticated users to execute arbitrary commands via shell metacharacters in unspecified vectors (aka \"shell command injection\").", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2007-03-31T09:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "24434", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/24434", }, { name: "33300", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://www.osvdb.org/33300", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2007-052.htm", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2007-1490", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Unspecified maintenance web pages in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allow remote authenticated users to execute arbitrary commands via shell metacharacters in unspecified vectors (aka \"shell command injection\").", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "24434", refsource: "SECUNIA", url: "http://secunia.com/advisories/24434", }, { name: "33300", refsource: "OSVDB", url: "http://www.osvdb.org/33300", }, { name: "http://support.avaya.com/elmodocs2/security/ASA-2007-052.htm", refsource: "CONFIRM", url: "http://support.avaya.com/elmodocs2/security/ASA-2007-052.htm", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2007-1490", datePublished: "2007-03-16T22:00:00", dateReserved: "2007-03-16T00:00:00", dateUpdated: "2024-08-07T12:59:08.559Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2004-1082
Vulnerability from cvelistv5
Published
2005-04-21 04:00
Modified
2024-08-08 00:39
Severity ?
EPSS score ?
Summary
mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/18347 | vdb-entry, x_refsource_XF | |
| http://lists.apple.com/archives/security-announce/2004/Dec/msg00000.html | vendor-advisory, x_refsource_APPLE | |
| http://www.securitytracker.com/alerts/2004/Dec/1012414.html | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/9571 | vdb-entry, x_refsource_BID | |
| http://www.ciac.org/ciac/bulletins/p-049.shtml | third-party-advisory, government-resource, x_refsource_CIAC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-08T00:39:00.872Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "macos-moddigest-response-replay(18347)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/18347", }, { name: "APPLE-SA-2004-12-02", tags: [ "vendor-advisory", "x_refsource_APPLE", "x_transferred", ], url: "http://lists.apple.com/archives/security-announce/2004/Dec/msg00000.html", }, { name: "1012414", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/alerts/2004/Dec/1012414.html", }, { name: "9571", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/9571", }, { name: "P-049", tags: [ "third-party-advisory", "government-resource", "x_refsource_CIAC", "x_transferred", ], url: "http://www.ciac.org/ciac/bulletins/p-049.shtml", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2004-12-02T00:00:00", descriptions: [ { lang: "en", value: "mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-07-10T14:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "macos-moddigest-response-replay(18347)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/18347", }, { name: "APPLE-SA-2004-12-02", tags: [ "vendor-advisory", "x_refsource_APPLE", ], url: "http://lists.apple.com/archives/security-announce/2004/Dec/msg00000.html", }, { name: "1012414", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/alerts/2004/Dec/1012414.html", }, { name: "9571", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/9571", }, { name: "P-049", tags: [ "third-party-advisory", "government-resource", "x_refsource_CIAC", ], url: "http://www.ciac.org/ciac/bulletins/p-049.shtml", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2004-1082", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "macos-moddigest-response-replay(18347)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/18347", }, { name: "APPLE-SA-2004-12-02", refsource: "APPLE", url: "http://lists.apple.com/archives/security-announce/2004/Dec/msg00000.html", }, { name: "1012414", refsource: "SECTRACK", url: "http://www.securitytracker.com/alerts/2004/Dec/1012414.html", }, { name: "9571", refsource: "BID", url: "http://www.securityfocus.com/bid/9571", }, { name: "P-049", refsource: "CIAC", url: "http://www.ciac.org/ciac/bulletins/p-049.shtml", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2004-1082", datePublished: "2005-04-21T04:00:00", dateReserved: "2004-11-30T00:00:00", dateUpdated: "2024-08-08T00:39:00.872Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2008-6708
Vulnerability from cvelistv5
Published
2009-04-10 15:00
Modified
2024-08-07 11:41
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in the Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x and 4.x, allows remote authenticated administrators to gain root privileges via unknown vectors related to configuration of "data viewing or restoring parameters."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.vupen.com/english/advisories/2008/1943/references | vdb-entry, x_refsource_VUPEN | |
| http://secunia.com/advisories/30751 | third-party-advisory, x_refsource_SECUNIA | |
| http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/43390 | vdb-entry, x_refsource_XF | |
| http://www.voipshield.com/research-details.php?id=77 | x_refsource_MISC | |
| http://www.securityfocus.com/bid/29939 | vdb-entry, x_refsource_BID | |
| http://osvdb.org/46604 | vdb-entry, x_refsource_OSVDB |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T11:41:59.535Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "ADV-2008-1943", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2008/1943/references", }, { name: "30751", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/30751", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm", }, { name: "avaya-ses-parameters-code-execution(43390)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43390", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.voipshield.com/research-details.php?id=77", }, { name: "29939", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/29939", }, { name: "46604", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://osvdb.org/46604", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2008-06-25T00:00:00", descriptions: [ { lang: "en", value: "Unspecified vulnerability in the Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x and 4.x, allows remote authenticated administrators to gain root privileges via unknown vectors related to configuration of \"data viewing or restoring parameters.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-08-16T14:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "ADV-2008-1943", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2008/1943/references", }, { name: "30751", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/30751", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm", }, { name: "avaya-ses-parameters-code-execution(43390)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43390", }, { tags: [ "x_refsource_MISC", ], url: "http://www.voipshield.com/research-details.php?id=77", }, { name: "29939", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/29939", }, { name: "46604", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://osvdb.org/46604", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2008-6708", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Unspecified vulnerability in the Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x and 4.x, allows remote authenticated administrators to gain root privileges via unknown vectors related to configuration of \"data viewing or restoring parameters.\"", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "ADV-2008-1943", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2008/1943/references", }, { name: "30751", refsource: "SECUNIA", url: "http://secunia.com/advisories/30751", }, { name: "http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm", refsource: "CONFIRM", url: "http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm", }, { name: "avaya-ses-parameters-code-execution(43390)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43390", }, { name: "http://www.voipshield.com/research-details.php?id=77", refsource: "MISC", url: "http://www.voipshield.com/research-details.php?id=77", }, { name: "29939", refsource: "BID", url: "http://www.securityfocus.com/bid/29939", }, { name: "46604", refsource: "OSVDB", url: "http://osvdb.org/46604", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2008-6708", datePublished: "2009-04-10T15:00:00", dateReserved: "2009-04-10T00:00:00", dateUpdated: "2024-08-07T11:41:59.535Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2008-5709
Vulnerability from cvelistv5
Published
2008-12-24 17:00
Modified
2024-08-07 11:04
Severity ?
EPSS score ?
Summary
Multiple unspecified vulnerabilities in the web management interface in Avaya Communication Manager (CM) 3.1 before 3.1.4 SP2, 4.0 before 4.0.3 SP1, and 5.0 before 5.0 SP3 allow remote authenticated users to execute arbitrary code via unknown attack vectors in the (1) Set Static Routes and (2) Backup History components.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/45747 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/31645 | vdb-entry, x_refsource_BID | |
| http://www.vupen.com/english/advisories/2008/2772 | vdb-entry, x_refsource_VUPEN | |
| http://www.voipshield.com/research-details.php?id=122 | x_refsource_MISC | |
| http://secunia.com/advisories/32204 | third-party-advisory, x_refsource_SECUNIA | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/45749 | vdb-entry, x_refsource_XF | |
| http://www.voipshield.com/research-details.php?id=121 | x_refsource_MISC | |
| http://support.avaya.com/elmodocs2/security/ASA-2008-391.htm | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T11:04:43.568Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "avaya-cm-backuphistory-cmd-execution(45747)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/45747", }, { name: "31645", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/31645", }, { name: "ADV-2008-2772", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2008/2772", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.voipshield.com/research-details.php?id=122", }, { name: "32204", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/32204", }, { name: "avaya-cm-setstatic-command-execution(45749)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/45749", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.voipshield.com/research-details.php?id=121", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2008-391.htm", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2008-10-08T00:00:00", descriptions: [ { lang: "en", value: "Multiple unspecified vulnerabilities in the web management interface in Avaya Communication Manager (CM) 3.1 before 3.1.4 SP2, 4.0 before 4.0.3 SP1, and 5.0 before 5.0 SP3 allow remote authenticated users to execute arbitrary code via unknown attack vectors in the (1) Set Static Routes and (2) Backup History components.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-08-07T12:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "avaya-cm-backuphistory-cmd-execution(45747)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/45747", }, { name: "31645", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/31645", }, { name: "ADV-2008-2772", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2008/2772", }, { tags: [ "x_refsource_MISC", ], url: "http://www.voipshield.com/research-details.php?id=122", }, { name: "32204", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/32204", }, { name: "avaya-cm-setstatic-command-execution(45749)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/45749", }, { tags: [ "x_refsource_MISC", ], url: "http://www.voipshield.com/research-details.php?id=121", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2008-391.htm", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2008-5709", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple unspecified vulnerabilities in the web management interface in Avaya Communication Manager (CM) 3.1 before 3.1.4 SP2, 4.0 before 4.0.3 SP1, and 5.0 before 5.0 SP3 allow remote authenticated users to execute arbitrary code via unknown attack vectors in the (1) Set Static Routes and (2) Backup History components.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "avaya-cm-backuphistory-cmd-execution(45747)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/45747", }, { name: "31645", refsource: "BID", url: "http://www.securityfocus.com/bid/31645", }, { name: "ADV-2008-2772", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2008/2772", }, { name: "http://www.voipshield.com/research-details.php?id=122", refsource: "MISC", url: "http://www.voipshield.com/research-details.php?id=122", }, { name: "32204", refsource: "SECUNIA", url: "http://secunia.com/advisories/32204", }, { name: "avaya-cm-setstatic-command-execution(45749)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/45749", }, { name: "http://www.voipshield.com/research-details.php?id=121", refsource: "MISC", url: "http://www.voipshield.com/research-details.php?id=121", }, { name: "http://support.avaya.com/elmodocs2/security/ASA-2008-391.htm", refsource: "CONFIRM", url: "http://support.avaya.com/elmodocs2/security/ASA-2008-391.htm", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2008-5709", datePublished: "2008-12-24T17:00:00", dateReserved: "2008-12-24T00:00:00", dateUpdated: "2024-08-07T11:04:43.568Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2008-6709
Vulnerability from cvelistv5
Published
2009-04-10 15:00
Modified
2024-08-07 11:41
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in the Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, allows remote authenticated users to execute arbitrary commands via unknown vectors related to configuration of "local data viewing or restoring parameters."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.vupen.com/english/advisories/2008/1943/references | vdb-entry, x_refsource_VUPEN | |
| http://secunia.com/advisories/30751 | third-party-advisory, x_refsource_SECUNIA | |
| http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm | x_refsource_CONFIRM | |
| http://www.osvdb.org/46603 | vdb-entry, x_refsource_OSVDB | |
| http://www.voipshield.com/research-details.php?id=78 | x_refsource_MISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/43380 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/29939 | vdb-entry, x_refsource_BID |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T11:41:59.733Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "ADV-2008-1943", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2008/1943/references", }, { name: "30751", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/30751", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm", }, { name: "46603", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://www.osvdb.org/46603", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.voipshield.com/research-details.php?id=78", }, { name: "avaya-ses-command-execution(43380)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43380", }, { name: "29939", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/29939", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2008-06-25T00:00:00", descriptions: [ { lang: "en", value: "Unspecified vulnerability in the Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, allows remote authenticated users to execute arbitrary commands via unknown vectors related to configuration of \"local data viewing or restoring parameters.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-08-16T14:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "ADV-2008-1943", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2008/1943/references", }, { name: "30751", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/30751", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm", }, { name: "46603", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://www.osvdb.org/46603", }, { tags: [ "x_refsource_MISC", ], url: "http://www.voipshield.com/research-details.php?id=78", }, { name: "avaya-ses-command-execution(43380)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43380", }, { name: "29939", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/29939", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2008-6709", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Unspecified vulnerability in the Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, allows remote authenticated users to execute arbitrary commands via unknown vectors related to configuration of \"local data viewing or restoring parameters.\"", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "ADV-2008-1943", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2008/1943/references", }, { name: "30751", refsource: "SECUNIA", url: "http://secunia.com/advisories/30751", }, { name: "http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm", refsource: "CONFIRM", url: "http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm", }, { name: "46603", refsource: "OSVDB", url: "http://www.osvdb.org/46603", }, { name: "http://www.voipshield.com/research-details.php?id=78", refsource: "MISC", url: "http://www.voipshield.com/research-details.php?id=78", }, { name: "avaya-ses-command-execution(43380)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43380", }, { name: "29939", refsource: "BID", url: "http://www.securityfocus.com/bid/29939", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2008-6709", datePublished: "2009-04-10T15:00:00", dateReserved: "2009-04-10T00:00:00", dateUpdated: "2024-08-07T11:41:59.733Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2008-6574
Vulnerability from cvelistv5
Published
2009-04-01 22:00
Modified
2024-08-07 11:34
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in SIP Enablement Services (SES) in Avaya Communication Manager 3.1.x and 4.x allows remote attackers to gain privileges and cause a denial of service via unknown vectors related to reuse of valid credentials.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/41734 | vdb-entry, x_refsource_XF | |
| http://www.voipshield.com/research-details.php?id=24 | x_refsource_MISC | |
| http://www.securityfocus.com/bid/28687 | vdb-entry, x_refsource_BID | |
| http://osvdb.org/44288 | vdb-entry, x_refsource_OSVDB | |
| http://secunia.com/advisories/29744 | third-party-advisory, x_refsource_SECUNIA |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T11:34:47.075Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "avaya-ses-unspecified-unauthorized-access(41734)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/41734", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.voipshield.com/research-details.php?id=24", }, { name: "28687", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/28687", }, { name: "44288", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://osvdb.org/44288", }, { name: "29744", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/29744", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2008-04-01T00:00:00", descriptions: [ { lang: "en", value: "Unspecified vulnerability in SIP Enablement Services (SES) in Avaya Communication Manager 3.1.x and 4.x allows remote attackers to gain privileges and cause a denial of service via unknown vectors related to reuse of valid credentials.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-08-16T14:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "avaya-ses-unspecified-unauthorized-access(41734)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/41734", }, { tags: [ "x_refsource_MISC", ], url: "http://www.voipshield.com/research-details.php?id=24", }, { name: "28687", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/28687", }, { name: "44288", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://osvdb.org/44288", }, { name: "29744", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/29744", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2008-6574", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Unspecified vulnerability in SIP Enablement Services (SES) in Avaya Communication Manager 3.1.x and 4.x allows remote attackers to gain privileges and cause a denial of service via unknown vectors related to reuse of valid credentials.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "avaya-ses-unspecified-unauthorized-access(41734)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/41734", }, { name: "http://www.voipshield.com/research-details.php?id=24", refsource: "MISC", url: "http://www.voipshield.com/research-details.php?id=24", }, { name: "28687", refsource: "BID", url: "http://www.securityfocus.com/bid/28687", }, { name: "44288", refsource: "OSVDB", url: "http://osvdb.org/44288", }, { name: "29744", refsource: "SECUNIA", url: "http://secunia.com/advisories/29744", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2008-6574", datePublished: "2009-04-01T22:00:00", dateReserved: "2009-04-01T00:00:00", dateUpdated: "2024-08-07T11:34:47.075Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2008-6575
Vulnerability from cvelistv5
Published
2009-04-01 22:00
Modified
2024-08-07 11:34
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in the SIP server in SIP Enablement Services (SES) in Avaya Communication Manager 3.1.x and 4.x allows remote authenticated users to cause a denial of service (resource consumption) via unknown vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/49849 | vdb-entry, x_refsource_XF | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/41734 | vdb-entry, x_refsource_XF | |
| http://osvdb.org/44287 | vdb-entry, x_refsource_OSVDB | |
| http://www.voipshield.com/research-details.php?id=23 | x_refsource_MISC | |
| http://secunia.com/advisories/29744 | third-party-advisory, x_refsource_SECUNIA |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T11:34:47.121Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "avaya-ses-unspecified-dos(49849)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/49849", }, { name: "avaya-ses-unspecified-unauthorized-access(41734)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/41734", }, { name: "44287", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://osvdb.org/44287", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.voipshield.com/research-details.php?id=23", }, { name: "29744", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/29744", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2008-04-01T00:00:00", descriptions: [ { lang: "en", value: "Unspecified vulnerability in the SIP server in SIP Enablement Services (SES) in Avaya Communication Manager 3.1.x and 4.x allows remote authenticated users to cause a denial of service (resource consumption) via unknown vectors.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-08-16T14:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "avaya-ses-unspecified-dos(49849)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/49849", }, { name: "avaya-ses-unspecified-unauthorized-access(41734)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/41734", }, { name: "44287", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://osvdb.org/44287", }, { tags: [ "x_refsource_MISC", ], url: "http://www.voipshield.com/research-details.php?id=23", }, { name: "29744", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/29744", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2008-6575", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Unspecified vulnerability in the SIP server in SIP Enablement Services (SES) in Avaya Communication Manager 3.1.x and 4.x allows remote authenticated users to cause a denial of service (resource consumption) via unknown vectors.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "avaya-ses-unspecified-dos(49849)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/49849", }, { name: "avaya-ses-unspecified-unauthorized-access(41734)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/41734", }, { name: "44287", refsource: "OSVDB", url: "http://osvdb.org/44287", }, { name: "http://www.voipshield.com/research-details.php?id=23", refsource: "MISC", url: "http://www.voipshield.com/research-details.php?id=23", }, { name: "29744", refsource: "SECUNIA", url: "http://secunia.com/advisories/29744", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2008-6575", datePublished: "2009-04-01T22:00:00", dateReserved: "2009-04-01T00:00:00", dateUpdated: "2024-08-07T11:34:47.121Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2008-6573
Vulnerability from cvelistv5
Published
2009-04-01 22:00
Modified
2024-08-07 11:34
Severity ?
EPSS score ?
Summary
Multiple SQL injection vulnerabilities in Avaya SIP Enablement Services (SES) in Avaya Avaya Communication Manager 3.x, 4.0, and 5.0 (1) allow remote attackers to execute arbitrary SQL commands via unspecified vectors related to profiles in the SIP Personal Information Manager (SPIM) in the web interface; and allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to (2) permissions for SPIM profiles in the web interface and (3) a crafted SIP request to the SIP server.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.voipshield.com/research-details.php?id=25 | x_refsource_MISC | |
| http://www.voipshield.com/research-details.php?id=26 | x_refsource_MISC | |
| http://www.voipshield.com/research-details.php?id=22 | x_refsource_MISC | |
| http://support.avaya.com/elmodocs2/security/ASA-2008-151.htm | x_refsource_CONFIRM | |
| http://osvdb.org/44286 | vdb-entry, x_refsource_OSVDB | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/41733 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/28682 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/41730 | vdb-entry, x_refsource_XF | |
| http://osvdb.org/44284 | vdb-entry, x_refsource_OSVDB | |
| http://osvdb.org/44285 | vdb-entry, x_refsource_OSVDB | |
| http://support.avaya.com/elmodocs2/security/ASA-2008-150.htm | x_refsource_CONFIRM | |
| http://secunia.com/advisories/29744 | third-party-advisory, x_refsource_SECUNIA |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T11:34:47.182Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.voipshield.com/research-details.php?id=25", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.voipshield.com/research-details.php?id=26", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.voipshield.com/research-details.php?id=22", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2008-151.htm", }, { name: "44286", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://osvdb.org/44286", }, { name: "avaya-ses-sip-sql-injection(41733)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/41733", }, { name: "28682", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/28682", }, { name: "avaya-ses-spim-sql-injection(41730)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/41730", }, { name: "44284", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://osvdb.org/44284", }, { name: "44285", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://osvdb.org/44285", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2008-150.htm", }, { name: "29744", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/29744", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2008-04-01T00:00:00", descriptions: [ { lang: "en", value: "Multiple SQL injection vulnerabilities in Avaya SIP Enablement Services (SES) in Avaya Avaya Communication Manager 3.x, 4.0, and 5.0 (1) allow remote attackers to execute arbitrary SQL commands via unspecified vectors related to profiles in the SIP Personal Information Manager (SPIM) in the web interface; and allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to (2) permissions for SPIM profiles in the web interface and (3) a crafted SIP request to the SIP server.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-08-16T14:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "http://www.voipshield.com/research-details.php?id=25", }, { tags: [ "x_refsource_MISC", ], url: "http://www.voipshield.com/research-details.php?id=26", }, { tags: [ "x_refsource_MISC", ], url: "http://www.voipshield.com/research-details.php?id=22", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2008-151.htm", }, { name: "44286", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://osvdb.org/44286", }, { name: "avaya-ses-sip-sql-injection(41733)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/41733", }, { name: "28682", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/28682", }, { name: "avaya-ses-spim-sql-injection(41730)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/41730", }, { name: "44284", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://osvdb.org/44284", }, { name: "44285", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://osvdb.org/44285", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2008-150.htm", }, { name: "29744", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/29744", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2008-6573", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple SQL injection vulnerabilities in Avaya SIP Enablement Services (SES) in Avaya Avaya Communication Manager 3.x, 4.0, and 5.0 (1) allow remote attackers to execute arbitrary SQL commands via unspecified vectors related to profiles in the SIP Personal Information Manager (SPIM) in the web interface; and allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to (2) permissions for SPIM profiles in the web interface and (3) a crafted SIP request to the SIP server.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://www.voipshield.com/research-details.php?id=25", refsource: "MISC", url: "http://www.voipshield.com/research-details.php?id=25", }, { name: "http://www.voipshield.com/research-details.php?id=26", refsource: "MISC", url: "http://www.voipshield.com/research-details.php?id=26", }, { name: "http://www.voipshield.com/research-details.php?id=22", refsource: "MISC", url: "http://www.voipshield.com/research-details.php?id=22", }, { name: "http://support.avaya.com/elmodocs2/security/ASA-2008-151.htm", refsource: "CONFIRM", url: "http://support.avaya.com/elmodocs2/security/ASA-2008-151.htm", }, { name: "44286", refsource: "OSVDB", url: "http://osvdb.org/44286", }, { name: "avaya-ses-sip-sql-injection(41733)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/41733", }, { name: "28682", refsource: "BID", url: "http://www.securityfocus.com/bid/28682", }, { name: "avaya-ses-spim-sql-injection(41730)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/41730", }, { name: "44284", refsource: "OSVDB", url: "http://osvdb.org/44284", }, { name: "44285", refsource: "OSVDB", url: "http://osvdb.org/44285", }, { name: "http://support.avaya.com/elmodocs2/security/ASA-2008-150.htm", refsource: "CONFIRM", url: "http://support.avaya.com/elmodocs2/security/ASA-2008-150.htm", }, { name: "29744", refsource: "SECUNIA", url: "http://secunia.com/advisories/29744", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2008-6573", datePublished: "2009-04-01T22:00:00", dateReserved: "2009-04-01T00:00:00", dateUpdated: "2024-08-07T11:34:47.182Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2008-6710
Vulnerability from cvelistv5
Published
2009-04-10 15:00
Modified
2024-08-07 11:42
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in the Web administration interface in Avaya Communication Manager 3.1.x before CM 3.1.4 SP2 and 4.0.x before 4.0.3 SP1 allows remote authenticated administrators to gain root privileges via unknown vectors related to "configuring data viewing or restoring credentials."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.vupen.com/english/advisories/2008/1944/references | vdb-entry, x_refsource_VUPEN | |
| http://secunia.com/advisories/30799 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.voipshield.com/research-details.php?id=79 | x_refsource_MISC | |
| http://support.avaya.com/elmodocs2/security/ASA-2008-270.htm | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/43386 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/29939 | vdb-entry, x_refsource_BID | |
| http://www.osvdb.org/46582 | vdb-entry, x_refsource_OSVDB |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T11:42:00.463Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "ADV-2008-1944", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2008/1944/references", }, { name: "30799", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/30799", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.voipshield.com/research-details.php?id=79", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2008-270.htm", }, { name: "avaya-cm-interface-code-execution(43386)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43386", }, { name: "29939", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/29939", }, { name: "46582", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://www.osvdb.org/46582", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2008-06-25T00:00:00", descriptions: [ { lang: "en", value: "Unspecified vulnerability in the Web administration interface in Avaya Communication Manager 3.1.x before CM 3.1.4 SP2 and 4.0.x before 4.0.3 SP1 allows remote authenticated administrators to gain root privileges via unknown vectors related to \"configuring data viewing or restoring credentials.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-08-16T14:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "ADV-2008-1944", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2008/1944/references", }, { name: "30799", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/30799", }, { tags: [ "x_refsource_MISC", ], url: "http://www.voipshield.com/research-details.php?id=79", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2008-270.htm", }, { name: "avaya-cm-interface-code-execution(43386)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43386", }, { name: "29939", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/29939", }, { name: "46582", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://www.osvdb.org/46582", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2008-6710", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Unspecified vulnerability in the Web administration interface in Avaya Communication Manager 3.1.x before CM 3.1.4 SP2 and 4.0.x before 4.0.3 SP1 allows remote authenticated administrators to gain root privileges via unknown vectors related to \"configuring data viewing or restoring credentials.\"", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "ADV-2008-1944", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2008/1944/references", }, { name: "30799", refsource: "SECUNIA", url: "http://secunia.com/advisories/30799", }, { name: "http://www.voipshield.com/research-details.php?id=79", refsource: "MISC", url: "http://www.voipshield.com/research-details.php?id=79", }, { name: "http://support.avaya.com/elmodocs2/security/ASA-2008-270.htm", refsource: "CONFIRM", url: "http://support.avaya.com/elmodocs2/security/ASA-2008-270.htm", }, { name: "avaya-cm-interface-code-execution(43386)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43386", }, { name: "29939", refsource: "BID", url: "http://www.securityfocus.com/bid/29939", }, { name: "46582", refsource: "OSVDB", url: "http://www.osvdb.org/46582", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2008-6710", datePublished: "2009-04-10T15:00:00", dateReserved: "2009-04-10T00:00:00", dateUpdated: "2024-08-07T11:42:00.463Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2008-3777
Vulnerability from cvelistv5
Published
2008-08-25 21:00
Modified
2024-08-07 09:52
Severity ?
EPSS score ?
Summary
The SIP Enablement Services (SES) Server in Avaya SIP Enablement Services 5.0, and Communication Manager (CM) 5.0 on the S8300C with SES enabled, writes account names and passwords to the (1) alarm and (2) system logs during failed login attempts, which allows local users to obtain login credentials by reading these logs.
References
| ▼ | URL | Tags |
|---|---|---|
| http://support.avaya.com/elmodocs2/security/ASA-2008-347.htm | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/30758 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/44586 | vdb-entry, x_refsource_XF |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T09:52:59.290Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2008-347.htm", }, { name: "30758", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/30758", }, { name: "avaya-ses-servers-info-disclosure(44586)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/44586", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2008-08-19T00:00:00", descriptions: [ { lang: "en", value: "The SIP Enablement Services (SES) Server in Avaya SIP Enablement Services 5.0, and Communication Manager (CM) 5.0 on the S8300C with SES enabled, writes account names and passwords to the (1) alarm and (2) system logs during failed login attempts, which allows local users to obtain login credentials by reading these logs.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-08-07T12:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2008-347.htm", }, { name: "30758", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/30758", }, { name: "avaya-ses-servers-info-disclosure(44586)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/44586", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2008-3777", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The SIP Enablement Services (SES) Server in Avaya SIP Enablement Services 5.0, and Communication Manager (CM) 5.0 on the S8300C with SES enabled, writes account names and passwords to the (1) alarm and (2) system logs during failed login attempts, which allows local users to obtain login credentials by reading these logs.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://support.avaya.com/elmodocs2/security/ASA-2008-347.htm", refsource: "CONFIRM", url: "http://support.avaya.com/elmodocs2/security/ASA-2008-347.htm", }, { name: "30758", refsource: "BID", url: "http://www.securityfocus.com/bid/30758", }, { name: "avaya-ses-servers-info-disclosure(44586)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/44586", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2008-3777", datePublished: "2008-08-25T21:00:00", dateReserved: "2008-08-25T00:00:00", dateUpdated: "2024-08-07T09:52:59.290Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2008-2812
Vulnerability from cvelistv5
Published
2008-07-09 00:00
Modified
2024-08-07 09:14
Severity ?
EPSS score ?
Summary
The Linux kernel before 2.6.25.10 does not properly perform tty operations, which allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving NULL pointer dereference of function pointers in (1) hamradio/6pack.c, (2) hamradio/mkiss.c, (3) irda/irtty-sir.c, (4) ppp_async.c, (5) ppp_synctty.c, (6) slip.c, (7) wan/x25_asy.c, and (8) wireless/strip.c in drivers/net/.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T09:14:14.939Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SUSE-SA:2008:047", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00000.html", }, { name: "DSA-1630", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2008/dsa-1630", }, { name: "ADV-2008-2063", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2008/2063/references", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.25.y.git%3Ba=commitdiff%3Bh=2a739dd53ad7ee010ae6e155438507f329dce788", }, { name: "SUSE-SA:2008:038", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00012.html", }, { name: "USN-637-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/637-1/", }, { name: "SUSE-SA:2008:035", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00007.html", }, { name: "[oss-security] 20080703 2.6.25.10 security fixes, please assign CVE id", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2008/07/03/2", }, { name: "31614", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/31614", }, { name: "31685", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/31685", }, { name: "31341", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/31341", }, { name: "SUSE-SA:2008:052", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00008.html", }, { name: "30982", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/30982", }, { name: "oval:org.mitre.oval:def:11632", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11632", }, { name: "31551", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/31551", }, { name: "RHSA-2008:0665", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2008-0665.html", }, { name: "32103", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/32103", }, { name: "31048", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/31048", }, { name: "30076", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/30076", }, { name: "32759", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/32759", }, { name: "kernel-tty-dos(43687)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43687", }, { name: "SUSE-SA:2008:037", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00009.html", }, { name: "32370", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/32370", }, { name: "RHSA-2008:0973", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2008-0973.html", }, { name: "RHSA-2008:0612", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2008-0612.html", }, { name: "31202", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/31202", }, { name: "oval:org.mitre.oval:def:6633", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6633", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.10", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2008-365.htm", }, { name: "SUSE-SA:2008:049", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00003.html", }, { name: "SUSE-SR:2008:025", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html", }, { name: "33201", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/33201", }, { name: "31229", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/31229", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2008-07-02T00:00:00", descriptions: [ { lang: "en", value: "The Linux kernel before 2.6.25.10 does not properly perform tty operations, which allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving NULL pointer dereference of function pointers in (1) hamradio/6pack.c, (2) hamradio/mkiss.c, (3) irda/irtty-sir.c, (4) ppp_async.c, (5) ppp_synctty.c, (6) slip.c, (7) wan/x25_asy.c, and (8) wireless/strip.c in drivers/net/.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-03T20:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "SUSE-SA:2008:047", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00000.html", }, { name: "DSA-1630", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2008/dsa-1630", }, { name: "ADV-2008-2063", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2008/2063/references", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.25.y.git%3Ba=commitdiff%3Bh=2a739dd53ad7ee010ae6e155438507f329dce788", }, { name: "SUSE-SA:2008:038", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00012.html", }, { name: "USN-637-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/637-1/", }, { name: "SUSE-SA:2008:035", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00007.html", }, { name: "[oss-security] 20080703 2.6.25.10 security fixes, please assign CVE id", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2008/07/03/2", }, { name: "31614", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/31614", }, { name: "31685", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/31685", }, { name: "31341", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/31341", }, { name: "SUSE-SA:2008:052", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00008.html", }, { name: "30982", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/30982", }, { name: "oval:org.mitre.oval:def:11632", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11632", }, { name: "31551", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/31551", }, { name: "RHSA-2008:0665", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2008-0665.html", }, { name: "32103", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/32103", }, { name: "31048", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/31048", }, { name: "30076", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/30076", }, { name: "32759", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/32759", }, { name: "kernel-tty-dos(43687)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43687", }, { name: "SUSE-SA:2008:037", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00009.html", }, { name: "32370", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/32370", }, { name: "RHSA-2008:0973", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2008-0973.html", }, { name: "RHSA-2008:0612", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2008-0612.html", }, { name: "31202", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/31202", }, { name: "oval:org.mitre.oval:def:6633", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6633", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.10", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2008-365.htm", }, { name: "SUSE-SA:2008:049", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00003.html", }, { name: "SUSE-SR:2008:025", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html", }, { name: "33201", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/33201", }, { name: "31229", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/31229", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2008-2812", datePublished: "2008-07-09T00:00:00", dateReserved: "2008-06-20T00:00:00", dateUpdated: "2024-08-07T09:14:14.939Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2008-6711
Vulnerability from cvelistv5
Published
2009-04-10 15:00
Modified
2024-08-07 11:41
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in the Web administration interface in Avaya Communication Manager 3.1.x before CM 3.1.4 SP2 and 4.0.x before 4.0.3 SP1 allows remote authenticated users to execute arbitrary commands via unknown vectors related to "viewing system logs."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.vupen.com/english/advisories/2008/1944/references | vdb-entry, x_refsource_VUPEN | |
| http://secunia.com/advisories/30799 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.voipshield.com/research-details.php?id=80 | x_refsource_MISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/43391 | vdb-entry, x_refsource_XF | |
| http://support.avaya.com/elmodocs2/security/ASA-2008-270.htm | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/29939 | vdb-entry, x_refsource_BID | |
| http://www.osvdb.org/46581 | vdb-entry, x_refsource_OSVDB |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T11:41:59.631Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "ADV-2008-1944", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2008/1944/references", }, { name: "30799", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/30799", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.voipshield.com/research-details.php?id=80", }, { name: "avaya-cm-log-command-execution(43391)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43391", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2008-270.htm", }, { name: "29939", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/29939", }, { name: "46581", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://www.osvdb.org/46581", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2008-06-25T00:00:00", descriptions: [ { lang: "en", value: "Unspecified vulnerability in the Web administration interface in Avaya Communication Manager 3.1.x before CM 3.1.4 SP2 and 4.0.x before 4.0.3 SP1 allows remote authenticated users to execute arbitrary commands via unknown vectors related to \"viewing system logs.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-08-16T14:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "ADV-2008-1944", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2008/1944/references", }, { name: "30799", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/30799", }, { tags: [ "x_refsource_MISC", ], url: "http://www.voipshield.com/research-details.php?id=80", }, { name: "avaya-cm-log-command-execution(43391)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43391", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2008-270.htm", }, { name: "29939", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/29939", }, { name: "46581", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://www.osvdb.org/46581", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2008-6711", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Unspecified vulnerability in the Web administration interface in Avaya Communication Manager 3.1.x before CM 3.1.4 SP2 and 4.0.x before 4.0.3 SP1 allows remote authenticated users to execute arbitrary commands via unknown vectors related to \"viewing system logs.\"", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "ADV-2008-1944", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2008/1944/references", }, { name: "30799", refsource: "SECUNIA", url: "http://secunia.com/advisories/30799", }, { name: "http://www.voipshield.com/research-details.php?id=80", refsource: "MISC", url: "http://www.voipshield.com/research-details.php?id=80", }, { name: "avaya-cm-log-command-execution(43391)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43391", }, { name: "http://support.avaya.com/elmodocs2/security/ASA-2008-270.htm", refsource: "CONFIRM", url: "http://support.avaya.com/elmodocs2/security/ASA-2008-270.htm", }, { name: "29939", refsource: "BID", url: "http://www.securityfocus.com/bid/29939", }, { name: "46581", refsource: "OSVDB", url: "http://www.osvdb.org/46581", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2008-6711", datePublished: "2009-04-10T15:00:00", dateReserved: "2009-04-10T00:00:00", dateUpdated: "2024-08-07T11:41:59.631Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2008-5710
Vulnerability from cvelistv5
Published
2008-12-24 17:00
Modified
2024-08-07 11:04
Severity ?
EPSS score ?
Summary
Multiple unspecified vulnerabilities in the web management interface in Avaya Communication Manager (CM) 3.1.x, 4.0.3, and 5.x allow remote attackers to read (1) configuration files, (2) log files, (3) binary image files, and (4) help files via unknown vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.vupen.com/english/advisories/2008/2774 | vdb-entry, x_refsource_VUPEN | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/45750 | vdb-entry, x_refsource_XF | |
| http://secunia.com/advisories/32035 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.voipshield.com/research-details.php?id=123 | x_refsource_MISC | |
| http://www.securityfocus.com/bid/31639 | vdb-entry, x_refsource_BID | |
| http://support.avaya.com/elmodocs2/security/ASA-2008-394.htm | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T11:04:44.172Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "ADV-2008-2774", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2008/2774", }, { name: "avaya-cm-configuration-info-disclosure(45750)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/45750", }, { name: "32035", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/32035", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.voipshield.com/research-details.php?id=123", }, { name: "31639", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/31639", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2008-394.htm", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2008-10-08T00:00:00", descriptions: [ { lang: "en", value: "Multiple unspecified vulnerabilities in the web management interface in Avaya Communication Manager (CM) 3.1.x, 4.0.3, and 5.x allow remote attackers to read (1) configuration files, (2) log files, (3) binary image files, and (4) help files via unknown vectors.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-08-07T12:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "ADV-2008-2774", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2008/2774", }, { name: "avaya-cm-configuration-info-disclosure(45750)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/45750", }, { name: "32035", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/32035", }, { tags: [ "x_refsource_MISC", ], url: "http://www.voipshield.com/research-details.php?id=123", }, { name: "31639", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/31639", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2008-394.htm", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2008-5710", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple unspecified vulnerabilities in the web management interface in Avaya Communication Manager (CM) 3.1.x, 4.0.3, and 5.x allow remote attackers to read (1) configuration files, (2) log files, (3) binary image files, and (4) help files via unknown vectors.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "ADV-2008-2774", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2008/2774", }, { name: "avaya-cm-configuration-info-disclosure(45750)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/45750", }, { name: "32035", refsource: "SECUNIA", url: "http://secunia.com/advisories/32035", }, { name: "http://www.voipshield.com/research-details.php?id=123", refsource: "MISC", url: "http://www.voipshield.com/research-details.php?id=123", }, { name: "31639", refsource: "BID", url: "http://www.securityfocus.com/bid/31639", }, { name: "http://support.avaya.com/elmodocs2/security/ASA-2008-394.htm", refsource: "CONFIRM", url: "http://support.avaya.com/elmodocs2/security/ASA-2008-394.htm", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2008-5710", datePublished: "2008-12-24T17:00:00", dateReserved: "2008-12-24T00:00:00", dateUpdated: "2024-08-07T11:04:44.172Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }