6.1
CVE-2019-7000
- EPSS 0.36%
- Veröffentlicht 31.07.2019 22:15:13
- Zuletzt bearbeitet 21.11.2024 04:47:23
- Quelle securityalerts@avaya.com
- Teams Watchlist Login
- Unerledigt Login
A Cross-Site Scripting (XSS) vulnerability in the Web UI of Avaya Aura Conferencing may allow code execution and potentially disclose sensitive information. Affected versions of Avaya Aura Conferencing include all 8.x versions prior to 8.0 SP14 (8.0.14). Prior versions not listed were not evaluated.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Avaya ≫ Aura Conferencing Version <= 8.0
Avaya ≫ Aura Conferencing Version8.0 Update-
Avaya ≫ Aura Conferencing Version8.0 Updatesp10
Avaya ≫ Aura Conferencing Version8.0 Updatesp11
Avaya ≫ Aura Conferencing Version8.0 Updatesp12
Avaya ≫ Aura Conferencing Version8.0 Updatesp13
Avaya ≫ Aura Conferencing Version8.0 Updatesp2
Avaya ≫ Aura Conferencing Version8.0 Updatesp4
Avaya ≫ Aura Conferencing Version8.0 Updatesp5
Avaya ≫ Aura Conferencing Version8.0 Updatesp7
Avaya ≫ Aura Conferencing Version8.0 Updatesp8
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.36% | 0.55 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.1 | 2.8 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
| nvd@nist.gov | 5.8 | 8.6 | 4.9 |
AV:N/AC:M/Au:N/C:P/I:P/A:N
|
| securityalerts@avaya.com | 5.9 | 1.6 | 4.2 |
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.