Description

An XML External Entities (XXE)vulnerability in the web-based user interface of Avaya Aura Orchestration Designer could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system. The affected versions of Orchestration Designer includes all 7.x versions before 7.2.3.

Related CPE's

a

avaya

aura_orchestration_designer

Vulnerable

References

https://downloads.avaya.com/css/P8/documents/101075450

Vendor Advisory

https://downloads.avaya.com/css/P8/documents/101075450

Vendor Advisory

Weaknesses

[email protected]

Secondary
CWE-611

[email protected]

Primary
CWE-611

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

8.1 · High

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2021-04-23T19:15:08.057Z

4 years ago

Last modified

2024-11-21T04:36:31.510Z

1 year ago