6.4

CVE-2008-6707

EPSS 0.42%
Published 10.04.2009 22:00:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

The Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, does not perform authentication for certain functionality, which allows remote attackers to obtain sensitive information and access restricted functionality via (1) the certificate installation utility, (2) unspecified scripts in the objects folder, (3) an "unnecessary default application," (4) unspecified scripts in the states folder, (5) an unspecified "default application" that lists server configuration, and (6) "full system help."

Affected products Warnungen 0 Metrics 2 CWE 1 References 22

Data is provided by the National Vulnerability Database (NVD)

Avaya ≫ Sip Enablement Services Version3.0

Avaya ≫ Sip Enablement Services Version3.1

Avaya ≫ Sip Enablement Services Version3.1.1

Avaya ≫ Sip Enablement Services Version4.0

Avaya ≫ Communication Manager Version3.1

Avaya ≫ Communication Manager Version3.1.1

Avaya ≫ Communication Manager Version3.1.2

Avaya ≫ Communication Manager Version3.1.3

Avaya ≫ Communication Manager Version3.1.4

Avaya ≫ Communication Manager Version3.1.4 Updatesp1

Avaya ≫ Communication Manager Version3.1.4 Updatesp2

Avaya ≫ Communication Manager Version3.1.5

Avaya ≫ Communication Manager Version3.1.5 Updatesp0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.42%	0.587

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.4	10	4.9	AV:N/AC:L/Au:N/C:P/I:P/A:N

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

http://secunia.com/advisories/30751

http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm

Vendor Advisory

http://www.securityfocus.com/bid/29939

http://www.vupen.com/english/advisories/2008/1943/references

http://osvdb.org/46598

http://osvdb.org/46599

http://osvdb.org/46600

http://www.voipshield.com/research-details.php?id=86

http://www.voipshield.com/research-details.php?id=87

http://www.voipshield.com/research-details.php?id=88

http://www.voipshield.com/research-details.php?id=89

http://www.voipshield.com/research-details.php?id=90

http://www.voipshield.com/research-details.php?id=91

https://exchange.xforce.ibmcloud.com/vulnerabilities/43381

https://exchange.xforce.ibmcloud.com/vulnerabilities/43384

https://exchange.xforce.ibmcloud.com/vulnerabilities/43389

https://exchange.xforce.ibmcloud.com/vulnerabilities/43393

https://exchange.xforce.ibmcloud.com/vulnerabilities/43394

https://exchange.xforce.ibmcloud.com/vulnerabilities/43395

https://nvd.nist.gov/vuln/detail/CVE-2008-6707

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2008-6707

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2008-6707

EUVD