Avaya CVE Vulnerabilities and CVE List (139)

Products (CPE): — CVE count: 139

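Avaya Vulnerability Overview

This page aggregates CVEs and security vulnerability information across Avaya-related products and lists CVSS, EPSS, publication date, and vulnerability information data.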

Common weakness patterns include memory corruption, XXE, CSRF, and open redirect, which in production workloads can lead to risks such as session compromise, unexpected behavior, and data exposure.

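The listed data is based on public vulnerability information and security advisories and can be used to assess past exposure and remediation priority.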

Vulnerability distribution trend (last 24 months)

Showing 120 / 139 CVEs
| CVE | Summary | Source | CVSS Max | EPSS (%) | Published | Updated |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2025-49186 | The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it susceptible to brute-force attacks. | [email protected] | 5.3 | 0.29% | 2025-06-12 | 2026-06-17 |
| CVE-2025-1041 | An improper input validation discovered in Avaya Call Management System could allow an unauthorized remote command via a specially crafted web request. Affected versions include 18.x, 19.x prior to 19.2.0.7, and 20.x prior to 20.0.1.0. | [email protected] | 9.9 | 0.35% | 2025-06-10 | 2026-06-17 |
| CVE-2024-12756 | An HTML Injection vulnerability in Avaya Spaces may have allowed disclosure of sensitive information or modification of the page content seen by the user. | [email protected] | 7.3 | 0.26% | 2025-02-11 | 2026-06-17 |
| CVE-2024-12755 | A Cross-Site Scripting (XSS) vulnerability in Avaya Spaces may have allowed unauthorized code execution and potential disclosure of sensitive information. | [email protected] | 7.9 | 0.29% | 2025-02-11 | 2026-06-17 |
| CVE-2024-7480 | An Improper access control vulnerability was found in Avaya Aura System Manager which could allow a command-line interface (CLI) user with administrative privileges to read arbitrary files on the system. Affected versions include 10.1.x.x and 10.2.x.x. Versions prior to 10.1 are end of manufacturer support. | [email protected] | 4.2 | 0.15% | 2024-08-08 | 2026-06-17 |
| CVE-2024-7477 | A SQL injection vulnerability was found which could allow a command line interface (CLI) user with administrative privileges to execute arbitrary queries against the Avaya Aura System Manager database. Affected versions include 10.1.x.x and 10.2.x.x. Versions prior to 10.1 are end of manufacturer support. | [email protected] | 6.5 | 0.19% | 2024-08-08 | 2026-06-17 |
| CVE-2024-4197 | An unrestricted file upload vulnerability in Avaya IP Office was discovered that could allow remote command or code execution via the One-X component. Affected versions include all versions prior to 11.1.3.1. | [email protected] | 9.9 | 0.78% | 2024-06-25 | 2026-06-17 |
| CVE-2024-4196 | An improper input validation vulnerability was discovered in Avaya IP Office that could allow remote command or code execution via a specially crafted web request to the Web Control component. Affected versions include all versions prior to 11.1.3.1. | [email protected] | 10.0 | 0.59% | 2024-06-25 | 2026-06-17 |
| CVE-2023-7031 | Insecure Direct Object Reference vulnerabilities were discovered in the Avaya Aura Experience Portal Manager which may allow partial information disclosure to an authenticated non-privileged user. Affected versions include 8.0.x and 8.1.x, prior to 8.1.2 patch 0402. Versions prior to 8.0 are end of manufacturer support. | [email protected] | 5.7 | 0.34% | 2024-01-17 | 2026-06-17 |
| CVE-2023-3722 | An OS command injection vulnerability was found in the Avaya Aura Device Services Web application which could allow remote code execution as the Web server user via a malicious uploaded file. This issue affects Avaya Aura Device Services version 8.1.4.0 and earlier. | [email protected] | 8.6 | 3.33% | 2023-07-19 | 2026-06-17 |
| CVE-2023-3527 | A CSV injection vulnerability was found in the Avaya Call Management System (CMS) Supervisor web application which allows a user with administrative privileges to input crafted data which, when exported to a CSV file, may attempt arbitrary command execution on the system used to open the file by a spreadsheet software such as Microsoft Excel. | [email protected] | 6.8 | 0.54% | 2023-07-18 | 2026-06-17 |
| CVE-2023-32218 | Avaya IX Workforce Engagement v15.2.7.1195 - CWE-601: URL Redirection to Untrusted Site ('Open Redirect') | [email protected] | 6.1 | 0.34% | 2023-05-30 | 2026-06-17 |
| CVE-2023-31187 | Avaya IX Workforce Engagement v15.2.7.1195 - CWE-522: Insufficiently Protected Credentials | [email protected] | 6.5 | 0.47% | 2023-05-30 | 2026-06-17 |
| CVE-2023-31186 | Avaya IX Workforce Engagement v15.2.7.1195 - User Enumeration - Observable Response Discrepancy | [email protected] | 5.3 | 0.45% | 2023-05-30 | 2026-06-17 |
| CVE-2022-38168 | Broken Access Control in User Authentication in Avaya Scopia Pathfinder 10 and 20 PTS version 8.3.7.0.4 allows remote unauthenticated attackers to bypass the login page, access sensitive information, and reset user passwords via URL modification. | [email protected] | 9.1 | 1.07% | 2022-11-03 | 2026-06-17 |
| CVE-2022-2249 | Privilege escalation related vulnerabilities were discovered in Avaya Aura Communication Manager that may allow local administrative users to escalate their privileges. This issue affects Communication Manager versions 8.0.0.0 through 8.1.3.3 and 10.1.0.0. | [email protected] | 7.7 | 0.19% | 2022-10-12 | 2026-06-17 |
| CVE-2022-2975 | A vulnerability related to weak permissions was detected in Avaya Aura Application Enablement Services web application, allowing an administrative user to modify accounts leading to execution of arbitrary code as the root user. This issue affects Application Enablement Services versions 8.0.0.0 through 8.1.3.4 and 10.1.0.0 through 10.1.0.1. Versions prior to 8.0.0.0 are end of manufacturing support and were not evaluated. | [email protected] | 7.7 | 0.20% | 2022-10-06 | 2026-06-17 |
| CVE-2021-25657 | A privilege escalation vulnerability was discovered in Avaya IP Office Admin Lite and USB Creator that may potentially allow a local user to escalate privileges. This issue affects Admin Lite and USB Creator 11.1 Feature Pack 2 Service Pack 1 and earlier versions. | [email protected] | 7.8 | 0.25% | 2022-09-01 | 2026-06-16 |
| CVE-2021-25654 | An arbitrary code execution vulnerability was discovered in Avaya Aura Device Services that may potentially allow a local user to execute specially crafted scripts. Affects 7.0 through 8.1.4.0 versions of Avaya Aura Device Services. | [email protected] | 6.2 | 0.78% | 2021-06-25 | 2026-06-16 |
| CVE-2021-25656 | Stored XSS injection vulnerabilities were discovered in the Avaya Aura Experience Portal Web management which could allow an authenticated user to potentially disclose sensitive information. Affected versions include 7.0 through 7.2.3 (without hotfix) and 8.0.0 (without hotfix). | [email protected] | 5.3 | 0.34% | 2021-06-24 | 2026-06-16 |
cvelogic Threat Intelligence