9.8
CVE-2018-15616
- EPSS 3.51%
- Veröffentlicht 17.10.2018 18:29:01
- Zuletzt bearbeitet 21.11.2024 03:51:11
- Quelle securityalerts@avaya.com
- CVE-Watchlists
- Unerledigt
LoginSystem Platform Web UI Deserialization
A vulnerability in the Web UI component of Avaya Aura System Platform could allow a remote, unauthenticated user to perform a targeted deserialization attack that could result in remote code execution. Affected versions of System Platform includes 6.3.0 through 6.3.9 and 6.4.0 through 6.4.2.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Avaya ≫ Avaya Aura System Platform Version >= 6.3.0 <= 6.3.9
Avaya ≫ Avaya Aura System Platform Version >= 6.4.0 <= 6.4.2
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 3.51% | 0.877 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
| securityalerts@avaya.com | 9 | 2.2 | 6 |
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
|
CWE-502 Deserialization of Untrusted Data
The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.