Search criteria
48 vulnerabilities found for communication_manager by avaya
FKIE_CVE-2008-6707
Vulnerability from fkie_nvd - Published: 2009-04-10 22:00 - Updated: 2025-04-09 00:30
Severity ?
Summary
The Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, does not perform authentication for certain functionality, which allows remote attackers to obtain sensitive information and access restricted functionality via (1) the certificate installation utility, (2) unspecified scripts in the objects folder, (3) an "unnecessary default application," (4) unspecified scripts in the states folder, (5) an unspecified "default application" that lists server configuration, and (6) "full system help."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| avaya | sip_enablement_services | 3.0 | |
| avaya | sip_enablement_services | 3.1 | |
| avaya | sip_enablement_services | 3.1.1 | |
| avaya | sip_enablement_services | 4.0 | |
| avaya | communication_manager | 3.1 | |
| avaya | communication_manager | 3.1.1 | |
| avaya | communication_manager | 3.1.2 | |
| avaya | communication_manager | 3.1.3 | |
| avaya | communication_manager | 3.1.4 | |
| avaya | communication_manager | 3.1.4 | |
| avaya | communication_manager | 3.1.4 | |
| avaya | communication_manager | 3.1.5 | |
| avaya | communication_manager | 3.1.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:avaya:sip_enablement_services:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8D4881F-650A-4FA1-B604-70EBBED41AE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:sip_enablement_services:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F9EB9ECB-9ABF-40ED-9116-D3FE9FC73B38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:sip_enablement_services:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "43F41650-7E55-436A-9935-8CE88B428680",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:sip_enablement_services:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7BFF25B3-B7C7-479C-8C2A-995E568C3395",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "88F5C363-3A38-43FC-A06D-73E280AB844B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C4030E5D-BC15-481D-A15E-98FAE65130D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F3FC3A86-CE3D-4C12-9E31-7F7280EF9D28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BBD119B9-FE11-4165-943D-119E906DC013",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "89F99C5C-C184-4A5C-B8BA-F558C4A38730",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.4:sp1:*:*:*:*:*:*",
"matchCriteriaId": "1EAA2BC9-4794-4441-8AA8-3C1B7297FD06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.4:sp2:*:*:*:*:*:*",
"matchCriteriaId": "423E4EEB-3D6F-449E-B623-C8D051E8FA3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "87089C0E-2241-46A7-93EE-EC41D52A89C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.5:sp0:*:*:*:*:*:*",
"matchCriteriaId": "5BD89D61-0B42-4DDE-99F1-71570A37A136",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, does not perform authentication for certain functionality, which allows remote attackers to obtain sensitive information and access restricted functionality via (1) the certificate installation utility, (2) unspecified scripts in the objects folder, (3) an \"unnecessary default application,\" (4) unspecified scripts in the states folder, (5) an unspecified \"default application\" that lists server configuration, and (6) \"full system help.\""
},
{
"lang": "es",
"value": "El interfase de administraci\u00f3n web de Avaya SIP Enablement Services (SES) v3.x y v4.0, como las usadas en Avaya Communication Manager v3.1.x no realiza autentificaci\u00f3n para ciertas tareas, lo que permite a atacantes remotos obtener informaci\u00f3n sensible y acceso a funcionalidades restringidas a trav\u00e9s de (1) la utilidad de instalaci\u00f3n de certificados, (2) secuencias de comandos no espec\u00edficas en el directorio de objetos, (3) una \"aplicaci\u00f3n por defecto no necesaria\", (4) secuencias de c\u00f3digo no espec\u00edficas en el directorio \"States\",(5) una \"aplicaci\u00f3n por defecto\" no espec\u00edfica que lista la configuraci\u00f3n del servidor, y (6) \"ayuda del sistema completa\"."
}
],
"id": "CVE-2008-6707",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-04-10T22:00:00.670",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/46598"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/46599"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/46600"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/30751"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/29939"
},
{
"source": "cve@mitre.org",
"url": "http://www.voipshield.com/research-details.php?id=86"
},
{
"source": "cve@mitre.org",
"url": "http://www.voipshield.com/research-details.php?id=87"
},
{
"source": "cve@mitre.org",
"url": "http://www.voipshield.com/research-details.php?id=88"
},
{
"source": "cve@mitre.org",
"url": "http://www.voipshield.com/research-details.php?id=89"
},
{
"source": "cve@mitre.org",
"url": "http://www.voipshield.com/research-details.php?id=90"
},
{
"source": "cve@mitre.org",
"url": "http://www.voipshield.com/research-details.php?id=91"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/1943/references"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43381"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43384"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43389"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43393"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43394"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43395"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/46598"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/46599"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/46600"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/30751"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/29939"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.voipshield.com/research-details.php?id=86"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.voipshield.com/research-details.php?id=87"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.voipshield.com/research-details.php?id=88"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.voipshield.com/research-details.php?id=89"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.voipshield.com/research-details.php?id=90"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.voipshield.com/research-details.php?id=91"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/1943/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43381"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43384"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43389"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43393"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43394"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43395"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2008-6711
Vulnerability from fkie_nvd - Published: 2009-04-10 22:00 - Updated: 2025-04-09 00:30
Severity ?
Summary
Unspecified vulnerability in the Web administration interface in Avaya Communication Manager 3.1.x before CM 3.1.4 SP2 and 4.0.x before 4.0.3 SP1 allows remote authenticated users to execute arbitrary commands via unknown vectors related to "viewing system logs."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| avaya | communication_manager | 3.1 | |
| avaya | communication_manager | 3.1.1 | |
| avaya | communication_manager | 3.1.2 | |
| avaya | communication_manager | 3.1.3 | |
| avaya | communication_manager | 3.1.4 | |
| avaya | communication_manager | 3.1.4 | |
| avaya | communication_manager | 4.0 | |
| avaya | communication_manager | 4.0.1 | |
| avaya | communication_manager | 4.0.1 | |
| avaya | communication_manager | 4.0.1 | |
| avaya | communication_manager | 4.0.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "88F5C363-3A38-43FC-A06D-73E280AB844B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C4030E5D-BC15-481D-A15E-98FAE65130D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F3FC3A86-CE3D-4C12-9E31-7F7280EF9D28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BBD119B9-FE11-4165-943D-119E906DC013",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "89F99C5C-C184-4A5C-B8BA-F558C4A38730",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.4:sp1:*:*:*:*:*:*",
"matchCriteriaId": "1EAA2BC9-4794-4441-8AA8-3C1B7297FD06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9F0B0D66-9900-4B9A-A892-31B8607DA852",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D5DE700B-B830-445B-AF08-4AD28EF1BE58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:4.0.1:sp15215:*:*:*:*:*:*",
"matchCriteriaId": "522FD345-91ED-4FE2-8069-028C3A2E3974",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:4.0.1:sp15500:*:*:*:*:*:*",
"matchCriteriaId": "3507CABD-74EE-4A53-9C09-AF38B3F218F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "825C1D4E-CD86-4122-84D7-CF1CB4CF8F10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the Web administration interface in Avaya Communication Manager 3.1.x before CM 3.1.4 SP2 and 4.0.x before 4.0.3 SP1 allows remote authenticated users to execute arbitrary commands via unknown vectors related to \"viewing system logs.\""
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en el interfase de administraci\u00f3n Web en Avaya Communication Manager v3.1.x anteriores a CM v3.1.4 SP2 y v4.0.x anteriores v4.0.3 SP1 permiten a usuarios remotos autentificados, ejecutar comandos de su elecci\u00f3n a trav\u00e9s de vectores desconocidos, relativo a \"viendo registros de sistema\"."
}
],
"id": "CVE-2008-6711",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-04-10T22:00:00.750",
"references": [
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/30799"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-270.htm"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/46581"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/29939"
},
{
"source": "cve@mitre.org",
"url": "http://www.voipshield.com/research-details.php?id=80"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/1944/references"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43391"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/30799"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-270.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/46581"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/29939"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.voipshield.com/research-details.php?id=80"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/1944/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43391"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2008-6709
Vulnerability from fkie_nvd - Published: 2009-04-10 22:00 - Updated: 2025-04-09 00:30
Severity ?
Summary
Unspecified vulnerability in the Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, allows remote authenticated users to execute arbitrary commands via unknown vectors related to configuration of "local data viewing or restoring parameters."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| avaya | sip_enablement_services | 3.0 | |
| avaya | sip_enablement_services | 3.1 | |
| avaya | sip_enablement_services | 3.1.1 | |
| avaya | sip_enablement_services | 4.0 | |
| avaya | communication_manager | 3.1 | |
| avaya | communication_manager | 3.1.1 | |
| avaya | communication_manager | 3.1.2 | |
| avaya | communication_manager | 3.1.3 | |
| avaya | communication_manager | 3.1.4 | |
| avaya | communication_manager | 3.1.4 | |
| avaya | communication_manager | 3.1.4 | |
| avaya | communication_manager | 3.1.5 | |
| avaya | communication_manager | 3.1.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:avaya:sip_enablement_services:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8D4881F-650A-4FA1-B604-70EBBED41AE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:sip_enablement_services:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F9EB9ECB-9ABF-40ED-9116-D3FE9FC73B38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:sip_enablement_services:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "43F41650-7E55-436A-9935-8CE88B428680",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:sip_enablement_services:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7BFF25B3-B7C7-479C-8C2A-995E568C3395",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "88F5C363-3A38-43FC-A06D-73E280AB844B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C4030E5D-BC15-481D-A15E-98FAE65130D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F3FC3A86-CE3D-4C12-9E31-7F7280EF9D28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BBD119B9-FE11-4165-943D-119E906DC013",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "89F99C5C-C184-4A5C-B8BA-F558C4A38730",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.4:sp1:*:*:*:*:*:*",
"matchCriteriaId": "1EAA2BC9-4794-4441-8AA8-3C1B7297FD06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.4:sp2:*:*:*:*:*:*",
"matchCriteriaId": "423E4EEB-3D6F-449E-B623-C8D051E8FA3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "87089C0E-2241-46A7-93EE-EC41D52A89C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.5:sp0:*:*:*:*:*:*",
"matchCriteriaId": "5BD89D61-0B42-4DDE-99F1-71570A37A136",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, allows remote authenticated users to execute arbitrary commands via unknown vectors related to configuration of \"local data viewing or restoring parameters.\""
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en el interfase de administraci\u00f3n web de Avaya SIP Enablement Services (SES)v3.x y v4.0, como las usadas en Avaya Communication Manager v3.1.x, permite a usuarios remotos autentificados, ejecutar comandos de su elecci\u00f3n a trav\u00e9s de vectores no espec\u00edficos, relativos a la configuraci\u00f3n de \"viendo datos locales o restaurando par\u00e1metros\"."
}
],
"id": "CVE-2008-6709",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-04-10T22:00:00.703",
"references": [
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/30751"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/46603"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/29939"
},
{
"source": "cve@mitre.org",
"url": "http://www.voipshield.com/research-details.php?id=78"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/1943/references"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43380"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/30751"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/46603"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/29939"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.voipshield.com/research-details.php?id=78"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/1943/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43380"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2008-6710
Vulnerability from fkie_nvd - Published: 2009-04-10 22:00 - Updated: 2025-04-09 00:30
Severity ?
Summary
Unspecified vulnerability in the Web administration interface in Avaya Communication Manager 3.1.x before CM 3.1.4 SP2 and 4.0.x before 4.0.3 SP1 allows remote authenticated administrators to gain root privileges via unknown vectors related to "configuring data viewing or restoring credentials."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| avaya | communication_manager | 3.1 | |
| avaya | communication_manager | 3.1.1 | |
| avaya | communication_manager | 3.1.2 | |
| avaya | communication_manager | 3.1.3 | |
| avaya | communication_manager | 4.0 | |
| avaya | communication_manager | 4.0.1 | |
| avaya | communication_manager | 4.0.1 | |
| avaya | communication_manager | 4.0.1 | |
| avaya | communication_manager | 4.0.2 | |
| avaya | communication_manager | 4.0.2 | |
| avaya | communication_manager | 4.0.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "88F5C363-3A38-43FC-A06D-73E280AB844B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C4030E5D-BC15-481D-A15E-98FAE65130D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F3FC3A86-CE3D-4C12-9E31-7F7280EF9D28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BBD119B9-FE11-4165-943D-119E906DC013",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9F0B0D66-9900-4B9A-A892-31B8607DA852",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D5DE700B-B830-445B-AF08-4AD28EF1BE58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:4.0.1:sp15215:*:*:*:*:*:*",
"matchCriteriaId": "522FD345-91ED-4FE2-8069-028C3A2E3974",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:4.0.1:sp15500:*:*:*:*:*:*",
"matchCriteriaId": "3507CABD-74EE-4A53-9C09-AF38B3F218F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "78F06597-F0EB-4753-BFFF-62A21EE230DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:4.0.2:sp1:*:*:*:*:*:*",
"matchCriteriaId": "D14829C8-3C05-426D-835B-355E4240B8EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "825C1D4E-CD86-4122-84D7-CF1CB4CF8F10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the Web administration interface in Avaya Communication Manager 3.1.x before CM 3.1.4 SP2 and 4.0.x before 4.0.3 SP1 allows remote authenticated administrators to gain root privileges via unknown vectors related to \"configuring data viewing or restoring credentials.\""
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en el interfase de administraci\u00f3n web de Avaya Communication Manager v3.1.x anteriores a CM v3.1.4 SP2 y v4.0.x anteriores a v4.0.3 SP1 permite a administradores remotos autentificados, obtener privilegios de root a trav\u00e9s de vectores no espec\u00edficos, relativos a \"viendo datos de configuraci\u00f3n o restaurando credenciales\"."
}
],
"id": "CVE-2008-6710",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-04-10T22:00:00.733",
"references": [
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/30799"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-270.htm"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/46582"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/29939"
},
{
"source": "cve@mitre.org",
"url": "http://www.voipshield.com/research-details.php?id=79"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/1944/references"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43386"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/30799"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-270.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/46582"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/29939"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.voipshield.com/research-details.php?id=79"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/1944/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43386"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2008-6706
Vulnerability from fkie_nvd - Published: 2009-04-10 22:00 - Updated: 2025-04-09 00:30
Severity ?
Summary
Multiple unspecified vulnerabilities in the Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, allow remote attackers to obtain (1) application server configuration, (2) database server configuration including encrypted passwords, (3) a system utility that decrypts "subscriber table passwords," (4) a system utility that decrypts database passwords, and (5) a system utility that encrypts "subscriber table passwords."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| avaya | sip_enablement_services | 3.0 | |
| avaya | sip_enablement_services | 3.1 | |
| avaya | sip_enablement_services | 3.1.1 | |
| avaya | sip_enablement_services | 4.0 | |
| avaya | communication_manager | 3.1 | |
| avaya | communication_manager | 3.1.1 | |
| avaya | communication_manager | 3.1.2 | |
| avaya | communication_manager | 3.1.3 | |
| avaya | communication_manager | 3.1.4 | |
| avaya | communication_manager | 3.1.4 | |
| avaya | communication_manager | 3.1.4 | |
| avaya | communication_manager | 3.1.5 | |
| avaya | communication_manager | 3.1.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:avaya:sip_enablement_services:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8D4881F-650A-4FA1-B604-70EBBED41AE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:sip_enablement_services:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F9EB9ECB-9ABF-40ED-9116-D3FE9FC73B38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:sip_enablement_services:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "43F41650-7E55-436A-9935-8CE88B428680",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:sip_enablement_services:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7BFF25B3-B7C7-479C-8C2A-995E568C3395",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "88F5C363-3A38-43FC-A06D-73E280AB844B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C4030E5D-BC15-481D-A15E-98FAE65130D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F3FC3A86-CE3D-4C12-9E31-7F7280EF9D28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BBD119B9-FE11-4165-943D-119E906DC013",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "89F99C5C-C184-4A5C-B8BA-F558C4A38730",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.4:sp1:*:*:*:*:*:*",
"matchCriteriaId": "1EAA2BC9-4794-4441-8AA8-3C1B7297FD06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.4:sp2:*:*:*:*:*:*",
"matchCriteriaId": "423E4EEB-3D6F-449E-B623-C8D051E8FA3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "87089C0E-2241-46A7-93EE-EC41D52A89C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.5:sp0:*:*:*:*:*:*",
"matchCriteriaId": "5BD89D61-0B42-4DDE-99F1-71570A37A136",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple unspecified vulnerabilities in the Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, allow remote attackers to obtain (1) application server configuration, (2) database server configuration including encrypted passwords, (3) a system utility that decrypts \"subscriber table passwords,\" (4) a system utility that decrypts database passwords, and (5) a system utility that encrypts \"subscriber table passwords.\""
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades no especificadas en el interfase de gesti\u00f3n web en Avaya SIP Enablement Services (SES) v3.x y v4.0, como los usados en Avaya Communicati\u00f3n Manager v3.1.x, permite a atacantes remotos conseguir (1)configuraci\u00f3n de la aplicaci\u00f3n del servidor, (2) configuraci\u00f3n del servidor de bases de datos, incluidas claves cifradas, (3) utilidad del sistema que desencripta \"claves de tablas de suscriptor\", (4) utilidad del sistema que desencripta las claves de la base de datos, y (5) una utilidad del sistema que encripta \"claves de tablas de suscriptor\"."
}
],
"id": "CVE-2008-6706",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-04-10T22:00:00.640",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/46602"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/30751"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/29939"
},
{
"source": "cve@mitre.org",
"url": "http://www.voipshield.com/research-details.php?id=81"
},
{
"source": "cve@mitre.org",
"url": "http://www.voipshield.com/research-details.php?id=82"
},
{
"source": "cve@mitre.org",
"url": "http://www.voipshield.com/research-details.php?id=83"
},
{
"source": "cve@mitre.org",
"url": "http://www.voipshield.com/research-details.php?id=84"
},
{
"source": "cve@mitre.org",
"url": "http://www.voipshield.com/research-details.php?id=85"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/1943/references"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43382"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43383"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43387"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43388"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/46602"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/30751"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/29939"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.voipshield.com/research-details.php?id=81"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.voipshield.com/research-details.php?id=82"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.voipshield.com/research-details.php?id=83"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.voipshield.com/research-details.php?id=84"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.voipshield.com/research-details.php?id=85"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/1943/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43382"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43383"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43387"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43388"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2008-6708
Vulnerability from fkie_nvd - Published: 2009-04-10 22:00 - Updated: 2025-04-09 00:30
Severity ?
Summary
Unspecified vulnerability in the Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x and 4.x, allows remote authenticated administrators to gain root privileges via unknown vectors related to configuration of "data viewing or restoring parameters."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| avaya | communication_manager | 3.1 | |
| avaya | communication_manager | 3.1.1 | |
| avaya | communication_manager | 3.1.2 | |
| avaya | communication_manager | 3.1.3 | |
| avaya | communication_manager | 3.1.4 | |
| avaya | communication_manager | 3.1.5 | |
| avaya | communication_manager | 4.0 | |
| avaya | communication_manager | 4.0.1 | |
| avaya | communication_manager | 4.0.1 | |
| avaya | communication_manager | 4.0.1 | |
| avaya | communication_manager | 4.0.3 | |
| avaya | sip_enablement_services | 3.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "88F5C363-3A38-43FC-A06D-73E280AB844B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C4030E5D-BC15-481D-A15E-98FAE65130D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F3FC3A86-CE3D-4C12-9E31-7F7280EF9D28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BBD119B9-FE11-4165-943D-119E906DC013",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "89F99C5C-C184-4A5C-B8BA-F558C4A38730",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "87089C0E-2241-46A7-93EE-EC41D52A89C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9F0B0D66-9900-4B9A-A892-31B8607DA852",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D5DE700B-B830-445B-AF08-4AD28EF1BE58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:4.0.1:sp15215:*:*:*:*:*:*",
"matchCriteriaId": "522FD345-91ED-4FE2-8069-028C3A2E3974",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:4.0.1:sp15500:*:*:*:*:*:*",
"matchCriteriaId": "3507CABD-74EE-4A53-9C09-AF38B3F218F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "825C1D4E-CD86-4122-84D7-CF1CB4CF8F10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:sip_enablement_services:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8D4881F-650A-4FA1-B604-70EBBED41AE7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x and 4.x, allows remote authenticated administrators to gain root privileges via unknown vectors related to configuration of \"data viewing or restoring parameters.\""
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en el interfase de administraci\u00f3n web de Avaya SIP Enablement Services (SES)v3.x y v4.0, como las usadas en Avaya Communication Manager v3.1.x y v4.x, permite a usuarios remotos autentificados, obtener privilegios de root a trav\u00e9s de vectores desconocidos relativos a la configuraci\u00f3n de \"viendo datos locales o restaurando par\u00e1metros\"."
}
],
"id": "CVE-2008-6708",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-04-10T22:00:00.687",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/46604"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/30751"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/29939"
},
{
"source": "cve@mitre.org",
"url": "http://www.voipshield.com/research-details.php?id=77"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/1943/references"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43390"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/46604"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/30751"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/29939"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.voipshield.com/research-details.php?id=77"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/1943/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43390"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2008-6574
Vulnerability from fkie_nvd - Published: 2009-04-01 22:30 - Updated: 2025-04-09 00:30
Severity ?
Summary
Unspecified vulnerability in SIP Enablement Services (SES) in Avaya Communication Manager 3.1.x and 4.x allows remote attackers to gain privileges and cause a denial of service via unknown vectors related to reuse of valid credentials.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| avaya | communication_manager | 3.1 | |
| avaya | communication_manager | 3.1.1 | |
| avaya | communication_manager | 3.1.2 | |
| avaya | communication_manager | 3.1.3 | |
| avaya | communication_manager | 3.1.4 | |
| avaya | communication_manager | 3.1.4 | |
| avaya | communication_manager | 3.1.4 | |
| avaya | communication_manager | 3.1.5 | |
| avaya | communication_manager | 3.1.5 | |
| avaya | communication_manager | 4.0 | |
| avaya | communication_manager | 4.0.1 | |
| avaya | communication_manager | 4.0.1 | |
| avaya | communication_manager | 4.0.1 | |
| avaya | communication_manager | 4.0.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "88F5C363-3A38-43FC-A06D-73E280AB844B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C4030E5D-BC15-481D-A15E-98FAE65130D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F3FC3A86-CE3D-4C12-9E31-7F7280EF9D28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BBD119B9-FE11-4165-943D-119E906DC013",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "89F99C5C-C184-4A5C-B8BA-F558C4A38730",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.4:sp1:*:*:*:*:*:*",
"matchCriteriaId": "1EAA2BC9-4794-4441-8AA8-3C1B7297FD06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.4:sp2:*:*:*:*:*:*",
"matchCriteriaId": "423E4EEB-3D6F-449E-B623-C8D051E8FA3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "87089C0E-2241-46A7-93EE-EC41D52A89C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.5:sp0:*:*:*:*:*:*",
"matchCriteriaId": "5BD89D61-0B42-4DDE-99F1-71570A37A136",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9F0B0D66-9900-4B9A-A892-31B8607DA852",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D5DE700B-B830-445B-AF08-4AD28EF1BE58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:4.0.1:sp15215:*:*:*:*:*:*",
"matchCriteriaId": "522FD345-91ED-4FE2-8069-028C3A2E3974",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:4.0.1:sp15500:*:*:*:*:*:*",
"matchCriteriaId": "3507CABD-74EE-4A53-9C09-AF38B3F218F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "825C1D4E-CD86-4122-84D7-CF1CB4CF8F10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in SIP Enablement Services (SES) in Avaya Communication Manager 3.1.x and 4.x allows remote attackers to gain privileges and cause a denial of service via unknown vectors related to reuse of valid credentials."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en SIP Enablement Services (SES) en Avaya Communication Manager 3.1.x y 4.x permite a atacantes remotos conseguir privilegios y provocar una denegaci\u00f3n de servicio a trav\u00e9s de vectores desconocidos relacionados con reutilizar credenciales v\u00e1lidas."
}
],
"id": "CVE-2008-6574",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-04-01T22:30:01.093",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/44288"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29744"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/28687"
},
{
"source": "cve@mitre.org",
"url": "http://www.voipshield.com/research-details.php?id=24"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41734"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/44288"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29744"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/28687"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.voipshield.com/research-details.php?id=24"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41734"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2008-6575
Vulnerability from fkie_nvd - Published: 2009-04-01 22:30 - Updated: 2025-04-09 00:30
Severity ?
Summary
Unspecified vulnerability in the SIP server in SIP Enablement Services (SES) in Avaya Communication Manager 3.1.x and 4.x allows remote authenticated users to cause a denial of service (resource consumption) via unknown vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| avaya | communication_manager | 3.1 | |
| avaya | communication_manager | 3.1.1 | |
| avaya | communication_manager | 3.1.2 | |
| avaya | communication_manager | 3.1.3 | |
| avaya | communication_manager | 3.1.4 | |
| avaya | communication_manager | 3.1.4 | |
| avaya | communication_manager | 3.1.4 | |
| avaya | communication_manager | 3.1.5 | |
| avaya | communication_manager | 3.1.5 | |
| avaya | communication_manager | 4.0 | |
| avaya | communication_manager | 4.0.1 | |
| avaya | communication_manager | 4.0.1 | |
| avaya | communication_manager | 4.0.1 | |
| avaya | communication_manager | 4.0.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "88F5C363-3A38-43FC-A06D-73E280AB844B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C4030E5D-BC15-481D-A15E-98FAE65130D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F3FC3A86-CE3D-4C12-9E31-7F7280EF9D28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BBD119B9-FE11-4165-943D-119E906DC013",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "89F99C5C-C184-4A5C-B8BA-F558C4A38730",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.4:sp1:*:*:*:*:*:*",
"matchCriteriaId": "1EAA2BC9-4794-4441-8AA8-3C1B7297FD06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.4:sp2:*:*:*:*:*:*",
"matchCriteriaId": "423E4EEB-3D6F-449E-B623-C8D051E8FA3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "87089C0E-2241-46A7-93EE-EC41D52A89C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.5:sp0:*:*:*:*:*:*",
"matchCriteriaId": "5BD89D61-0B42-4DDE-99F1-71570A37A136",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9F0B0D66-9900-4B9A-A892-31B8607DA852",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D5DE700B-B830-445B-AF08-4AD28EF1BE58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:4.0.1:sp15215:*:*:*:*:*:*",
"matchCriteriaId": "522FD345-91ED-4FE2-8069-028C3A2E3974",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:4.0.1:sp15500:*:*:*:*:*:*",
"matchCriteriaId": "3507CABD-74EE-4A53-9C09-AF38B3F218F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "825C1D4E-CD86-4122-84D7-CF1CB4CF8F10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the SIP server in SIP Enablement Services (SES) in Avaya Communication Manager 3.1.x and 4.x allows remote authenticated users to cause a denial of service (resource consumption) via unknown vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en el servidor SIP en SIP Enablement Services (SES) en Avaya Communication Manager 3.1.x y 4.x permite a usuarios remotos autenticados provocar una denegaci\u00f3n de servicio (consumo de recursos) a trav\u00e9s de vectores desconocidos."
}
],
"id": "CVE-2008-6575",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-04-01T22:30:01.127",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/44287"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29744"
},
{
"source": "cve@mitre.org",
"url": "http://www.voipshield.com/research-details.php?id=23"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41734"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49849"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/44287"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29744"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.voipshield.com/research-details.php?id=23"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41734"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49849"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2008-6573
Vulnerability from fkie_nvd - Published: 2009-04-01 22:30 - Updated: 2025-04-09 00:30
Severity ?
Summary
Multiple SQL injection vulnerabilities in Avaya SIP Enablement Services (SES) in Avaya Avaya Communication Manager 3.x, 4.0, and 5.0 (1) allow remote attackers to execute arbitrary SQL commands via unspecified vectors related to profiles in the SIP Personal Information Manager (SPIM) in the web interface; and allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to (2) permissions for SPIM profiles in the web interface and (3) a crafted SIP request to the SIP server.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| avaya | communication_manager | * | |
| avaya | communication_manager | 3.1.1 | |
| avaya | communication_manager | 3.1.2 | |
| avaya | communication_manager | 3.1.3 | |
| avaya | communication_manager | 3.1.4 | |
| avaya | communication_manager | 3.1.4 | |
| avaya | communication_manager | 3.1.4 | |
| avaya | communication_manager | 3.1.5 | |
| avaya | communication_manager | 3.1.5 | |
| avaya | communication_manager | 4.0 | |
| avaya | communication_manager | 5.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:avaya:communication_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B13FEC26-15CC-4F82-8C24-BBD9C3FBA80E",
"versionEndIncluding": "3.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C4030E5D-BC15-481D-A15E-98FAE65130D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F3FC3A86-CE3D-4C12-9E31-7F7280EF9D28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BBD119B9-FE11-4165-943D-119E906DC013",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "89F99C5C-C184-4A5C-B8BA-F558C4A38730",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.4:sp1:*:*:*:*:*:*",
"matchCriteriaId": "1EAA2BC9-4794-4441-8AA8-3C1B7297FD06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.4:sp2:*:*:*:*:*:*",
"matchCriteriaId": "423E4EEB-3D6F-449E-B623-C8D051E8FA3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "87089C0E-2241-46A7-93EE-EC41D52A89C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.5:sp0:*:*:*:*:*:*",
"matchCriteriaId": "5BD89D61-0B42-4DDE-99F1-71570A37A136",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9F0B0D66-9900-4B9A-A892-31B8607DA852",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "84E2136B-6FE3-4548-A89D-444ED9393C22",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in Avaya SIP Enablement Services (SES) in Avaya Avaya Communication Manager 3.x, 4.0, and 5.0 (1) allow remote attackers to execute arbitrary SQL commands via unspecified vectors related to profiles in the SIP Personal Information Manager (SPIM) in the web interface; and allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to (2) permissions for SPIM profiles in the web interface and (3) a crafted SIP request to the SIP server."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en Avaya SIP Enablement Services (SES) en Avaya Avaya Communication Manager 3.x, 4.0, y 5.0 (1) permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s de vectores no especificados relacionados con perfiles en el SIP Personal Information Manager (SPIM) en la interfaz web; y permite a usuarios remotos autenticados ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s de vectores no especificados relacionados a (2) permisos para perfiles SPIM en la interfaz web y (3) una petici\u00f3n SIP manipulada en el servidor SIP."
}
],
"id": "CVE-2008-6573",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-04-01T22:30:00.187",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/44284"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/44285"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/44286"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29744"
},
{
"source": "cve@mitre.org",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-150.htm"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-151.htm"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/28682"
},
{
"source": "cve@mitre.org",
"url": "http://www.voipshield.com/research-details.php?id=22"
},
{
"source": "cve@mitre.org",
"url": "http://www.voipshield.com/research-details.php?id=25"
},
{
"source": "cve@mitre.org",
"url": "http://www.voipshield.com/research-details.php?id=26"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41730"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41733"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/44284"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/44285"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/44286"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29744"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-150.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-151.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/28682"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.voipshield.com/research-details.php?id=22"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.voipshield.com/research-details.php?id=25"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.voipshield.com/research-details.php?id=26"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41730"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41733"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2008-5710
Vulnerability from fkie_nvd - Published: 2008-12-24 18:29 - Updated: 2025-04-09 00:30
Severity ?
Summary
Multiple unspecified vulnerabilities in the web management interface in Avaya Communication Manager (CM) 3.1.x, 4.0.3, and 5.x allow remote attackers to read (1) configuration files, (2) log files, (3) binary image files, and (4) help files via unknown vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| avaya | communication_manager | 3.1 | |
| avaya | communication_manager | 3.1.1 | |
| avaya | communication_manager | 3.1.2 | |
| avaya | communication_manager | 3.1.3 | |
| avaya | communication_manager | 3.1.4 | |
| avaya | communication_manager | 3.1.4 | |
| avaya | communication_manager | 3.1.4 | |
| avaya | communication_manager | 3.1.5 | |
| avaya | communication_manager | 3.1.5 | |
| avaya | communication_manager | 4.0.3 | |
| avaya | communication_manager | 5.0 | |
| avaya | communication_manager | 5.0 | |
| avaya | communication_manager | 5.0 | |
| avaya | communication_manager | 5.0 | |
| avaya | communication_manager | 5.1 | |
| avaya | communication_manager | 5.1 | |
| avaya | communication_manager | 5.1.1 | |
| avaya | communication_manager | 5.1.1 | |
| avaya | communication_manager | 5.1.2 | |
| avaya | communication_manager | 5.1.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "88F5C363-3A38-43FC-A06D-73E280AB844B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C4030E5D-BC15-481D-A15E-98FAE65130D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F3FC3A86-CE3D-4C12-9E31-7F7280EF9D28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BBD119B9-FE11-4165-943D-119E906DC013",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "89F99C5C-C184-4A5C-B8BA-F558C4A38730",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.4:sp1:*:*:*:*:*:*",
"matchCriteriaId": "1EAA2BC9-4794-4441-8AA8-3C1B7297FD06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.4:sp2:*:*:*:*:*:*",
"matchCriteriaId": "423E4EEB-3D6F-449E-B623-C8D051E8FA3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "87089C0E-2241-46A7-93EE-EC41D52A89C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.5:sp0:*:*:*:*:*:*",
"matchCriteriaId": "5BD89D61-0B42-4DDE-99F1-71570A37A136",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "825C1D4E-CD86-4122-84D7-CF1CB4CF8F10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "84E2136B-6FE3-4548-A89D-444ED9393C22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:5.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "FB4B7CCA-3961-48BC-ABFD-A608B39BD921",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:5.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "F9DD5F5B-5F44-422C-B9D9-731B53981BEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:5.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "AD401628-23D0-4CC0-8D30-B10910533003",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0A32A986-3DB3-4CB5-AF52-12D83C4A6B95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:5.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "223037D6-1345-4705-BB88-E814211D666D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4ED0CFA4-C45E-465B-9F45-EB0742305CBC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:5.1.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "22364E59-5248-43E3-8B6A-E646188F69E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:5.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "120EA1E2-EEF0-4FF6-960D-34FF9E88F2F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:5.1.2:sp0:*:*:*:*:*:*",
"matchCriteriaId": "ED8A8551-7374-4A21-B141-10BE4CEF222F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple unspecified vulnerabilities in the web management interface in Avaya Communication Manager (CM) 3.1.x, 4.0.3, and 5.x allow remote attackers to read (1) configuration files, (2) log files, (3) binary image files, and (4) help files via unknown vectors."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades sin especificar en la interfaz de gesti\u00f3n web en Avaya Communication Manager (CM) 3.1.x, 4.0.3 y 5.x permite a atacantes remotos leer (1) archivos de configuraci\u00f3n, (2) archivos de log, (3) archivos binarios de imagen y (4) archivos de ayuda mediante vectores desconocidos."
}
],
"id": "CVE-2008-5710",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-12-24T18:29:15.813",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/32035"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-394.htm"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/31639"
},
{
"source": "cve@mitre.org",
"url": "http://www.voipshield.com/research-details.php?id=123"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/2774"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45750"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/32035"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-394.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/31639"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.voipshield.com/research-details.php?id=123"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/2774"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45750"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-16"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2008-5709
Vulnerability from fkie_nvd - Published: 2008-12-24 18:29 - Updated: 2025-04-09 00:30
Severity ?
Summary
Multiple unspecified vulnerabilities in the web management interface in Avaya Communication Manager (CM) 3.1 before 3.1.4 SP2, 4.0 before 4.0.3 SP1, and 5.0 before 5.0 SP3 allow remote authenticated users to execute arbitrary code via unknown attack vectors in the (1) Set Static Routes and (2) Backup History components.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| avaya | communication_manager | 3.1.1 | |
| avaya | communication_manager | 3.1.2 | |
| avaya | communication_manager | 3.1.3 | |
| avaya | communication_manager | 3.1.4 | |
| avaya | communication_manager | 4.0 | |
| avaya | communication_manager | 4.0.1 | |
| avaya | communication_manager | 4.0.1 | |
| avaya | communication_manager | 4.0.1 | |
| avaya | communication_manager | 4.0.3 | |
| avaya | communication_manager | 5.0 | |
| avaya | communication_manager | 5.0 | |
| avaya | communication_manager | 5.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C4030E5D-BC15-481D-A15E-98FAE65130D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F3FC3A86-CE3D-4C12-9E31-7F7280EF9D28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BBD119B9-FE11-4165-943D-119E906DC013",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.4:sp1:*:*:*:*:*:*",
"matchCriteriaId": "1EAA2BC9-4794-4441-8AA8-3C1B7297FD06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9F0B0D66-9900-4B9A-A892-31B8607DA852",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D5DE700B-B830-445B-AF08-4AD28EF1BE58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:4.0.1:sp15215:*:*:*:*:*:*",
"matchCriteriaId": "522FD345-91ED-4FE2-8069-028C3A2E3974",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:4.0.1:sp15500:*:*:*:*:*:*",
"matchCriteriaId": "3507CABD-74EE-4A53-9C09-AF38B3F218F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "825C1D4E-CD86-4122-84D7-CF1CB4CF8F10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "84E2136B-6FE3-4548-A89D-444ED9393C22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:5.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "FB4B7CCA-3961-48BC-ABFD-A608B39BD921",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:5.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "F9DD5F5B-5F44-422C-B9D9-731B53981BEB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple unspecified vulnerabilities in the web management interface in Avaya Communication Manager (CM) 3.1 before 3.1.4 SP2, 4.0 before 4.0.3 SP1, and 5.0 before 5.0 SP3 allow remote authenticated users to execute arbitrary code via unknown attack vectors in the (1) Set Static Routes and (2) Backup History components."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades sin especificar en la interfaz de gesti\u00f3n web en Avaya Communication Manager (CM) 3.1 antes de 3.1.4 SP2, 4.0 antes de 4.0.3 SP1 y 5.0 antes de 5.0 SP3 permite a usuarios remotamente autentificados ejecutar c\u00f3digo de su elecci\u00f3n mediante vectores de ataque desconocidos en los componentes (1) Set Static Routes y (2) Backup History."
}
],
"id": "CVE-2008-5709",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-12-24T18:29:15.780",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/32204"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-391.htm"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/31645"
},
{
"source": "cve@mitre.org",
"url": "http://www.voipshield.com/research-details.php?id=121"
},
{
"source": "cve@mitre.org",
"url": "http://www.voipshield.com/research-details.php?id=122"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/2772"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45747"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45749"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/32204"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-391.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/31645"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.voipshield.com/research-details.php?id=121"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.voipshield.com/research-details.php?id=122"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/2772"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45747"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45749"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
},
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2008-6708 (GCVE-0-2008-6708)
Vulnerability from cvelistv5 – Published: 2009-04-10 15:00 – Updated: 2024-08-07 11:41
VLAI?
Summary
Unspecified vulnerability in the Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x and 4.x, allows remote authenticated administrators to gain root privileges via unknown vectors related to configuration of "data viewing or restoring parameters."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:41:59.535Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2008-1943",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1943/references"
},
{
"name": "30751",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30751"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm"
},
{
"name": "avaya-ses-parameters-code-execution(43390)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43390"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.voipshield.com/research-details.php?id=77"
},
{
"name": "29939",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29939"
},
{
"name": "46604",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/46604"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-06-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x and 4.x, allows remote authenticated administrators to gain root privileges via unknown vectors related to configuration of \"data viewing or restoring parameters.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2008-1943",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1943/references"
},
{
"name": "30751",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30751"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm"
},
{
"name": "avaya-ses-parameters-code-execution(43390)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43390"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.voipshield.com/research-details.php?id=77"
},
{
"name": "29939",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29939"
},
{
"name": "46604",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/46604"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6708",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x and 4.x, allows remote authenticated administrators to gain root privileges via unknown vectors related to configuration of \"data viewing or restoring parameters.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2008-1943",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1943/references"
},
{
"name": "30751",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30751"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm"
},
{
"name": "avaya-ses-parameters-code-execution(43390)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43390"
},
{
"name": "http://www.voipshield.com/research-details.php?id=77",
"refsource": "MISC",
"url": "http://www.voipshield.com/research-details.php?id=77"
},
{
"name": "29939",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29939"
},
{
"name": "46604",
"refsource": "OSVDB",
"url": "http://osvdb.org/46604"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6708",
"datePublished": "2009-04-10T15:00:00",
"dateReserved": "2009-04-10T00:00:00",
"dateUpdated": "2024-08-07T11:41:59.535Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-6706 (GCVE-0-2008-6706)
Vulnerability from cvelistv5 – Published: 2009-04-10 15:00 – Updated: 2024-08-07 11:41
VLAI?
Summary
Multiple unspecified vulnerabilities in the Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, allow remote attackers to obtain (1) application server configuration, (2) database server configuration including encrypted passwords, (3) a system utility that decrypts "subscriber table passwords," (4) a system utility that decrypts database passwords, and (5) a system utility that encrypts "subscriber table passwords."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:41:59.544Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2008-1943",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1943/references"
},
{
"name": "30751",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30751"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm"
},
{
"name": "avaya-ses-tablepasswords-info-disclosure(43382)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43382"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.voipshield.com/research-details.php?id=81"
},
{
"name": "avaya-ses-databaseserver-info-disclosure(43388)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43388"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.voipshield.com/research-details.php?id=83"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.voipshield.com/research-details.php?id=82"
},
{
"name": "46602",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/46602"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.voipshield.com/research-details.php?id=85"
},
{
"name": "avaya-ses-databasepassword-info-disclosure(43387)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43387"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.voipshield.com/research-details.php?id=84"
},
{
"name": "29939",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29939"
},
{
"name": "avaya-ses-passwordencryption-info-disclosure(43383)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43383"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-06-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple unspecified vulnerabilities in the Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, allow remote attackers to obtain (1) application server configuration, (2) database server configuration including encrypted passwords, (3) a system utility that decrypts \"subscriber table passwords,\" (4) a system utility that decrypts database passwords, and (5) a system utility that encrypts \"subscriber table passwords.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2008-1943",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1943/references"
},
{
"name": "30751",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30751"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm"
},
{
"name": "avaya-ses-tablepasswords-info-disclosure(43382)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43382"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.voipshield.com/research-details.php?id=81"
},
{
"name": "avaya-ses-databaseserver-info-disclosure(43388)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43388"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.voipshield.com/research-details.php?id=83"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.voipshield.com/research-details.php?id=82"
},
{
"name": "46602",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/46602"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.voipshield.com/research-details.php?id=85"
},
{
"name": "avaya-ses-databasepassword-info-disclosure(43387)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43387"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.voipshield.com/research-details.php?id=84"
},
{
"name": "29939",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29939"
},
{
"name": "avaya-ses-passwordencryption-info-disclosure(43383)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43383"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6706",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in the Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, allow remote attackers to obtain (1) application server configuration, (2) database server configuration including encrypted passwords, (3) a system utility that decrypts \"subscriber table passwords,\" (4) a system utility that decrypts database passwords, and (5) a system utility that encrypts \"subscriber table passwords.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2008-1943",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1943/references"
},
{
"name": "30751",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30751"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm"
},
{
"name": "avaya-ses-tablepasswords-info-disclosure(43382)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43382"
},
{
"name": "http://www.voipshield.com/research-details.php?id=81",
"refsource": "MISC",
"url": "http://www.voipshield.com/research-details.php?id=81"
},
{
"name": "avaya-ses-databaseserver-info-disclosure(43388)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43388"
},
{
"name": "http://www.voipshield.com/research-details.php?id=83",
"refsource": "MISC",
"url": "http://www.voipshield.com/research-details.php?id=83"
},
{
"name": "http://www.voipshield.com/research-details.php?id=82",
"refsource": "MISC",
"url": "http://www.voipshield.com/research-details.php?id=82"
},
{
"name": "46602",
"refsource": "OSVDB",
"url": "http://osvdb.org/46602"
},
{
"name": "http://www.voipshield.com/research-details.php?id=85",
"refsource": "MISC",
"url": "http://www.voipshield.com/research-details.php?id=85"
},
{
"name": "avaya-ses-databasepassword-info-disclosure(43387)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43387"
},
{
"name": "http://www.voipshield.com/research-details.php?id=84",
"refsource": "MISC",
"url": "http://www.voipshield.com/research-details.php?id=84"
},
{
"name": "29939",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29939"
},
{
"name": "avaya-ses-passwordencryption-info-disclosure(43383)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43383"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6706",
"datePublished": "2009-04-10T15:00:00",
"dateReserved": "2009-04-10T00:00:00",
"dateUpdated": "2024-08-07T11:41:59.544Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-6709 (GCVE-0-2008-6709)
Vulnerability from cvelistv5 – Published: 2009-04-10 15:00 – Updated: 2024-08-07 11:41
VLAI?
Summary
Unspecified vulnerability in the Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, allows remote authenticated users to execute arbitrary commands via unknown vectors related to configuration of "local data viewing or restoring parameters."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:41:59.733Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2008-1943",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1943/references"
},
{
"name": "30751",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30751"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm"
},
{
"name": "46603",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/46603"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.voipshield.com/research-details.php?id=78"
},
{
"name": "avaya-ses-command-execution(43380)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43380"
},
{
"name": "29939",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29939"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-06-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, allows remote authenticated users to execute arbitrary commands via unknown vectors related to configuration of \"local data viewing or restoring parameters.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2008-1943",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1943/references"
},
{
"name": "30751",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30751"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm"
},
{
"name": "46603",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/46603"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.voipshield.com/research-details.php?id=78"
},
{
"name": "avaya-ses-command-execution(43380)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43380"
},
{
"name": "29939",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29939"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6709",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, allows remote authenticated users to execute arbitrary commands via unknown vectors related to configuration of \"local data viewing or restoring parameters.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2008-1943",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1943/references"
},
{
"name": "30751",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30751"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm"
},
{
"name": "46603",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/46603"
},
{
"name": "http://www.voipshield.com/research-details.php?id=78",
"refsource": "MISC",
"url": "http://www.voipshield.com/research-details.php?id=78"
},
{
"name": "avaya-ses-command-execution(43380)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43380"
},
{
"name": "29939",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29939"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6709",
"datePublished": "2009-04-10T15:00:00",
"dateReserved": "2009-04-10T00:00:00",
"dateUpdated": "2024-08-07T11:41:59.733Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-6710 (GCVE-0-2008-6710)
Vulnerability from cvelistv5 – Published: 2009-04-10 15:00 – Updated: 2024-08-07 11:42
VLAI?
Summary
Unspecified vulnerability in the Web administration interface in Avaya Communication Manager 3.1.x before CM 3.1.4 SP2 and 4.0.x before 4.0.3 SP1 allows remote authenticated administrators to gain root privileges via unknown vectors related to "configuring data viewing or restoring credentials."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:42:00.463Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2008-1944",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1944/references"
},
{
"name": "30799",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30799"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.voipshield.com/research-details.php?id=79"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-270.htm"
},
{
"name": "avaya-cm-interface-code-execution(43386)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43386"
},
{
"name": "29939",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29939"
},
{
"name": "46582",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/46582"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-06-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the Web administration interface in Avaya Communication Manager 3.1.x before CM 3.1.4 SP2 and 4.0.x before 4.0.3 SP1 allows remote authenticated administrators to gain root privileges via unknown vectors related to \"configuring data viewing or restoring credentials.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2008-1944",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1944/references"
},
{
"name": "30799",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30799"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.voipshield.com/research-details.php?id=79"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-270.htm"
},
{
"name": "avaya-cm-interface-code-execution(43386)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43386"
},
{
"name": "29939",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29939"
},
{
"name": "46582",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/46582"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6710",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Web administration interface in Avaya Communication Manager 3.1.x before CM 3.1.4 SP2 and 4.0.x before 4.0.3 SP1 allows remote authenticated administrators to gain root privileges via unknown vectors related to \"configuring data viewing or restoring credentials.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2008-1944",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1944/references"
},
{
"name": "30799",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30799"
},
{
"name": "http://www.voipshield.com/research-details.php?id=79",
"refsource": "MISC",
"url": "http://www.voipshield.com/research-details.php?id=79"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2008-270.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-270.htm"
},
{
"name": "avaya-cm-interface-code-execution(43386)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43386"
},
{
"name": "29939",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29939"
},
{
"name": "46582",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/46582"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6710",
"datePublished": "2009-04-10T15:00:00",
"dateReserved": "2009-04-10T00:00:00",
"dateUpdated": "2024-08-07T11:42:00.463Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-6707 (GCVE-0-2008-6707)
Vulnerability from cvelistv5 – Published: 2009-04-10 15:00 – Updated: 2024-08-07 11:42
VLAI?
Summary
The Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, does not perform authentication for certain functionality, which allows remote attackers to obtain sensitive information and access restricted functionality via (1) the certificate installation utility, (2) unspecified scripts in the objects folder, (3) an "unnecessary default application," (4) unspecified scripts in the states folder, (5) an unspecified "default application" that lists server configuration, and (6) "full system help."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:42:00.366Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2008-1943",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1943/references"
},
{
"name": "30751",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30751"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.voipshield.com/research-details.php?id=86"
},
{
"name": "avaya-ses-certificate-info-disclosure(43384)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43384"
},
{
"name": "46598",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/46598"
},
{
"name": "avaya-ses-statesfolder-code-execution(43393)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43393"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.voipshield.com/research-details.php?id=88"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.voipshield.com/research-details.php?id=90"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.voipshield.com/research-details.php?id=87"
},
{
"name": "avaya-ses-objectsfolder-code-execution(43381)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43381"
},
{
"name": "29939",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29939"
},
{
"name": "46599",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/46599"
},
{
"name": "46600",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/46600"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.voipshield.com/research-details.php?id=91"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.voipshield.com/research-details.php?id=89"
},
{
"name": "avaya-ses-application-info-disclosure(43394)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43394"
},
{
"name": "avaya-ses-help-information-disclosure(43395)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43395"
},
{
"name": "avaya-ses-application-unauth-access(43389)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43389"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-06-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, does not perform authentication for certain functionality, which allows remote attackers to obtain sensitive information and access restricted functionality via (1) the certificate installation utility, (2) unspecified scripts in the objects folder, (3) an \"unnecessary default application,\" (4) unspecified scripts in the states folder, (5) an unspecified \"default application\" that lists server configuration, and (6) \"full system help.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2008-1943",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1943/references"
},
{
"name": "30751",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30751"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.voipshield.com/research-details.php?id=86"
},
{
"name": "avaya-ses-certificate-info-disclosure(43384)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43384"
},
{
"name": "46598",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/46598"
},
{
"name": "avaya-ses-statesfolder-code-execution(43393)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43393"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.voipshield.com/research-details.php?id=88"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.voipshield.com/research-details.php?id=90"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.voipshield.com/research-details.php?id=87"
},
{
"name": "avaya-ses-objectsfolder-code-execution(43381)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43381"
},
{
"name": "29939",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29939"
},
{
"name": "46599",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/46599"
},
{
"name": "46600",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/46600"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.voipshield.com/research-details.php?id=91"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.voipshield.com/research-details.php?id=89"
},
{
"name": "avaya-ses-application-info-disclosure(43394)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43394"
},
{
"name": "avaya-ses-help-information-disclosure(43395)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43395"
},
{
"name": "avaya-ses-application-unauth-access(43389)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43389"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6707",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, does not perform authentication for certain functionality, which allows remote attackers to obtain sensitive information and access restricted functionality via (1) the certificate installation utility, (2) unspecified scripts in the objects folder, (3) an \"unnecessary default application,\" (4) unspecified scripts in the states folder, (5) an unspecified \"default application\" that lists server configuration, and (6) \"full system help.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2008-1943",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1943/references"
},
{
"name": "30751",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30751"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm"
},
{
"name": "http://www.voipshield.com/research-details.php?id=86",
"refsource": "MISC",
"url": "http://www.voipshield.com/research-details.php?id=86"
},
{
"name": "avaya-ses-certificate-info-disclosure(43384)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43384"
},
{
"name": "46598",
"refsource": "OSVDB",
"url": "http://osvdb.org/46598"
},
{
"name": "avaya-ses-statesfolder-code-execution(43393)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43393"
},
{
"name": "http://www.voipshield.com/research-details.php?id=88",
"refsource": "MISC",
"url": "http://www.voipshield.com/research-details.php?id=88"
},
{
"name": "http://www.voipshield.com/research-details.php?id=90",
"refsource": "MISC",
"url": "http://www.voipshield.com/research-details.php?id=90"
},
{
"name": "http://www.voipshield.com/research-details.php?id=87",
"refsource": "MISC",
"url": "http://www.voipshield.com/research-details.php?id=87"
},
{
"name": "avaya-ses-objectsfolder-code-execution(43381)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43381"
},
{
"name": "29939",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29939"
},
{
"name": "46599",
"refsource": "OSVDB",
"url": "http://osvdb.org/46599"
},
{
"name": "46600",
"refsource": "OSVDB",
"url": "http://osvdb.org/46600"
},
{
"name": "http://www.voipshield.com/research-details.php?id=91",
"refsource": "MISC",
"url": "http://www.voipshield.com/research-details.php?id=91"
},
{
"name": "http://www.voipshield.com/research-details.php?id=89",
"refsource": "MISC",
"url": "http://www.voipshield.com/research-details.php?id=89"
},
{
"name": "avaya-ses-application-info-disclosure(43394)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43394"
},
{
"name": "avaya-ses-help-information-disclosure(43395)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43395"
},
{
"name": "avaya-ses-application-unauth-access(43389)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43389"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6707",
"datePublished": "2009-04-10T15:00:00",
"dateReserved": "2009-04-10T00:00:00",
"dateUpdated": "2024-08-07T11:42:00.366Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-6711 (GCVE-0-2008-6711)
Vulnerability from cvelistv5 – Published: 2009-04-10 15:00 – Updated: 2024-08-07 11:41
VLAI?
Summary
Unspecified vulnerability in the Web administration interface in Avaya Communication Manager 3.1.x before CM 3.1.4 SP2 and 4.0.x before 4.0.3 SP1 allows remote authenticated users to execute arbitrary commands via unknown vectors related to "viewing system logs."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:41:59.631Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2008-1944",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1944/references"
},
{
"name": "30799",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30799"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.voipshield.com/research-details.php?id=80"
},
{
"name": "avaya-cm-log-command-execution(43391)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43391"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-270.htm"
},
{
"name": "29939",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29939"
},
{
"name": "46581",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/46581"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-06-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the Web administration interface in Avaya Communication Manager 3.1.x before CM 3.1.4 SP2 and 4.0.x before 4.0.3 SP1 allows remote authenticated users to execute arbitrary commands via unknown vectors related to \"viewing system logs.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2008-1944",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1944/references"
},
{
"name": "30799",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30799"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.voipshield.com/research-details.php?id=80"
},
{
"name": "avaya-cm-log-command-execution(43391)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43391"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-270.htm"
},
{
"name": "29939",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29939"
},
{
"name": "46581",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/46581"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6711",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Web administration interface in Avaya Communication Manager 3.1.x before CM 3.1.4 SP2 and 4.0.x before 4.0.3 SP1 allows remote authenticated users to execute arbitrary commands via unknown vectors related to \"viewing system logs.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2008-1944",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1944/references"
},
{
"name": "30799",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30799"
},
{
"name": "http://www.voipshield.com/research-details.php?id=80",
"refsource": "MISC",
"url": "http://www.voipshield.com/research-details.php?id=80"
},
{
"name": "avaya-cm-log-command-execution(43391)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43391"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2008-270.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-270.htm"
},
{
"name": "29939",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29939"
},
{
"name": "46581",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/46581"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6711",
"datePublished": "2009-04-10T15:00:00",
"dateReserved": "2009-04-10T00:00:00",
"dateUpdated": "2024-08-07T11:41:59.631Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-6575 (GCVE-0-2008-6575)
Vulnerability from cvelistv5 – Published: 2009-04-01 22:00 – Updated: 2024-08-07 11:34
VLAI?
Summary
Unspecified vulnerability in the SIP server in SIP Enablement Services (SES) in Avaya Communication Manager 3.1.x and 4.x allows remote authenticated users to cause a denial of service (resource consumption) via unknown vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:34:47.121Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "avaya-ses-unspecified-dos(49849)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49849"
},
{
"name": "avaya-ses-unspecified-unauthorized-access(41734)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41734"
},
{
"name": "44287",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/44287"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.voipshield.com/research-details.php?id=23"
},
{
"name": "29744",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29744"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-04-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the SIP server in SIP Enablement Services (SES) in Avaya Communication Manager 3.1.x and 4.x allows remote authenticated users to cause a denial of service (resource consumption) via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "avaya-ses-unspecified-dos(49849)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49849"
},
{
"name": "avaya-ses-unspecified-unauthorized-access(41734)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41734"
},
{
"name": "44287",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/44287"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.voipshield.com/research-details.php?id=23"
},
{
"name": "29744",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29744"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6575",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the SIP server in SIP Enablement Services (SES) in Avaya Communication Manager 3.1.x and 4.x allows remote authenticated users to cause a denial of service (resource consumption) via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "avaya-ses-unspecified-dos(49849)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49849"
},
{
"name": "avaya-ses-unspecified-unauthorized-access(41734)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41734"
},
{
"name": "44287",
"refsource": "OSVDB",
"url": "http://osvdb.org/44287"
},
{
"name": "http://www.voipshield.com/research-details.php?id=23",
"refsource": "MISC",
"url": "http://www.voipshield.com/research-details.php?id=23"
},
{
"name": "29744",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29744"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6575",
"datePublished": "2009-04-01T22:00:00",
"dateReserved": "2009-04-01T00:00:00",
"dateUpdated": "2024-08-07T11:34:47.121Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-6573 (GCVE-0-2008-6573)
Vulnerability from cvelistv5 – Published: 2009-04-01 22:00 – Updated: 2024-08-07 11:34
VLAI?
Summary
Multiple SQL injection vulnerabilities in Avaya SIP Enablement Services (SES) in Avaya Avaya Communication Manager 3.x, 4.0, and 5.0 (1) allow remote attackers to execute arbitrary SQL commands via unspecified vectors related to profiles in the SIP Personal Information Manager (SPIM) in the web interface; and allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to (2) permissions for SPIM profiles in the web interface and (3) a crafted SIP request to the SIP server.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:34:47.182Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.voipshield.com/research-details.php?id=25"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.voipshield.com/research-details.php?id=26"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.voipshield.com/research-details.php?id=22"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-151.htm"
},
{
"name": "44286",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/44286"
},
{
"name": "avaya-ses-sip-sql-injection(41733)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41733"
},
{
"name": "28682",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28682"
},
{
"name": "avaya-ses-spim-sql-injection(41730)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41730"
},
{
"name": "44284",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/44284"
},
{
"name": "44285",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/44285"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-150.htm"
},
{
"name": "29744",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29744"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-04-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in Avaya SIP Enablement Services (SES) in Avaya Avaya Communication Manager 3.x, 4.0, and 5.0 (1) allow remote attackers to execute arbitrary SQL commands via unspecified vectors related to profiles in the SIP Personal Information Manager (SPIM) in the web interface; and allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to (2) permissions for SPIM profiles in the web interface and (3) a crafted SIP request to the SIP server."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.voipshield.com/research-details.php?id=25"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.voipshield.com/research-details.php?id=26"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.voipshield.com/research-details.php?id=22"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-151.htm"
},
{
"name": "44286",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/44286"
},
{
"name": "avaya-ses-sip-sql-injection(41733)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41733"
},
{
"name": "28682",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28682"
},
{
"name": "avaya-ses-spim-sql-injection(41730)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41730"
},
{
"name": "44284",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/44284"
},
{
"name": "44285",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/44285"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-150.htm"
},
{
"name": "29744",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29744"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6573",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in Avaya SIP Enablement Services (SES) in Avaya Avaya Communication Manager 3.x, 4.0, and 5.0 (1) allow remote attackers to execute arbitrary SQL commands via unspecified vectors related to profiles in the SIP Personal Information Manager (SPIM) in the web interface; and allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to (2) permissions for SPIM profiles in the web interface and (3) a crafted SIP request to the SIP server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.voipshield.com/research-details.php?id=25",
"refsource": "MISC",
"url": "http://www.voipshield.com/research-details.php?id=25"
},
{
"name": "http://www.voipshield.com/research-details.php?id=26",
"refsource": "MISC",
"url": "http://www.voipshield.com/research-details.php?id=26"
},
{
"name": "http://www.voipshield.com/research-details.php?id=22",
"refsource": "MISC",
"url": "http://www.voipshield.com/research-details.php?id=22"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2008-151.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-151.htm"
},
{
"name": "44286",
"refsource": "OSVDB",
"url": "http://osvdb.org/44286"
},
{
"name": "avaya-ses-sip-sql-injection(41733)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41733"
},
{
"name": "28682",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28682"
},
{
"name": "avaya-ses-spim-sql-injection(41730)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41730"
},
{
"name": "44284",
"refsource": "OSVDB",
"url": "http://osvdb.org/44284"
},
{
"name": "44285",
"refsource": "OSVDB",
"url": "http://osvdb.org/44285"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2008-150.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-150.htm"
},
{
"name": "29744",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29744"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6573",
"datePublished": "2009-04-01T22:00:00",
"dateReserved": "2009-04-01T00:00:00",
"dateUpdated": "2024-08-07T11:34:47.182Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-6574 (GCVE-0-2008-6574)
Vulnerability from cvelistv5 – Published: 2009-04-01 22:00 – Updated: 2024-08-07 11:34
VLAI?
Summary
Unspecified vulnerability in SIP Enablement Services (SES) in Avaya Communication Manager 3.1.x and 4.x allows remote attackers to gain privileges and cause a denial of service via unknown vectors related to reuse of valid credentials.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:34:47.075Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "avaya-ses-unspecified-unauthorized-access(41734)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41734"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.voipshield.com/research-details.php?id=24"
},
{
"name": "28687",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28687"
},
{
"name": "44288",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/44288"
},
{
"name": "29744",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29744"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-04-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in SIP Enablement Services (SES) in Avaya Communication Manager 3.1.x and 4.x allows remote attackers to gain privileges and cause a denial of service via unknown vectors related to reuse of valid credentials."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "avaya-ses-unspecified-unauthorized-access(41734)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41734"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.voipshield.com/research-details.php?id=24"
},
{
"name": "28687",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28687"
},
{
"name": "44288",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/44288"
},
{
"name": "29744",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29744"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6574",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in SIP Enablement Services (SES) in Avaya Communication Manager 3.1.x and 4.x allows remote attackers to gain privileges and cause a denial of service via unknown vectors related to reuse of valid credentials."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "avaya-ses-unspecified-unauthorized-access(41734)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41734"
},
{
"name": "http://www.voipshield.com/research-details.php?id=24",
"refsource": "MISC",
"url": "http://www.voipshield.com/research-details.php?id=24"
},
{
"name": "28687",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28687"
},
{
"name": "44288",
"refsource": "OSVDB",
"url": "http://osvdb.org/44288"
},
{
"name": "29744",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29744"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6574",
"datePublished": "2009-04-01T22:00:00",
"dateReserved": "2009-04-01T00:00:00",
"dateUpdated": "2024-08-07T11:34:47.075Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-5710 (GCVE-0-2008-5710)
Vulnerability from cvelistv5 – Published: 2008-12-24 17:00 – Updated: 2024-08-07 11:04
VLAI?
Summary
Multiple unspecified vulnerabilities in the web management interface in Avaya Communication Manager (CM) 3.1.x, 4.0.3, and 5.x allow remote attackers to read (1) configuration files, (2) log files, (3) binary image files, and (4) help files via unknown vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:04:44.172Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2008-2774",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2774"
},
{
"name": "avaya-cm-configuration-info-disclosure(45750)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45750"
},
{
"name": "32035",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32035"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.voipshield.com/research-details.php?id=123"
},
{
"name": "31639",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31639"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-394.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-10-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple unspecified vulnerabilities in the web management interface in Avaya Communication Manager (CM) 3.1.x, 4.0.3, and 5.x allow remote attackers to read (1) configuration files, (2) log files, (3) binary image files, and (4) help files via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2008-2774",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2774"
},
{
"name": "avaya-cm-configuration-info-disclosure(45750)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45750"
},
{
"name": "32035",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32035"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.voipshield.com/research-details.php?id=123"
},
{
"name": "31639",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31639"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-394.htm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5710",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in the web management interface in Avaya Communication Manager (CM) 3.1.x, 4.0.3, and 5.x allow remote attackers to read (1) configuration files, (2) log files, (3) binary image files, and (4) help files via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2008-2774",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2774"
},
{
"name": "avaya-cm-configuration-info-disclosure(45750)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45750"
},
{
"name": "32035",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32035"
},
{
"name": "http://www.voipshield.com/research-details.php?id=123",
"refsource": "MISC",
"url": "http://www.voipshield.com/research-details.php?id=123"
},
{
"name": "31639",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31639"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2008-394.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-394.htm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-5710",
"datePublished": "2008-12-24T17:00:00",
"dateReserved": "2008-12-24T00:00:00",
"dateUpdated": "2024-08-07T11:04:44.172Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-6708 (GCVE-0-2008-6708)
Vulnerability from nvd – Published: 2009-04-10 15:00 – Updated: 2024-08-07 11:41
VLAI?
Summary
Unspecified vulnerability in the Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x and 4.x, allows remote authenticated administrators to gain root privileges via unknown vectors related to configuration of "data viewing or restoring parameters."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:41:59.535Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2008-1943",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1943/references"
},
{
"name": "30751",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30751"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm"
},
{
"name": "avaya-ses-parameters-code-execution(43390)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43390"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.voipshield.com/research-details.php?id=77"
},
{
"name": "29939",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29939"
},
{
"name": "46604",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/46604"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-06-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x and 4.x, allows remote authenticated administrators to gain root privileges via unknown vectors related to configuration of \"data viewing or restoring parameters.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2008-1943",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1943/references"
},
{
"name": "30751",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30751"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm"
},
{
"name": "avaya-ses-parameters-code-execution(43390)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43390"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.voipshield.com/research-details.php?id=77"
},
{
"name": "29939",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29939"
},
{
"name": "46604",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/46604"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6708",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x and 4.x, allows remote authenticated administrators to gain root privileges via unknown vectors related to configuration of \"data viewing or restoring parameters.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2008-1943",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1943/references"
},
{
"name": "30751",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30751"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm"
},
{
"name": "avaya-ses-parameters-code-execution(43390)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43390"
},
{
"name": "http://www.voipshield.com/research-details.php?id=77",
"refsource": "MISC",
"url": "http://www.voipshield.com/research-details.php?id=77"
},
{
"name": "29939",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29939"
},
{
"name": "46604",
"refsource": "OSVDB",
"url": "http://osvdb.org/46604"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6708",
"datePublished": "2009-04-10T15:00:00",
"dateReserved": "2009-04-10T00:00:00",
"dateUpdated": "2024-08-07T11:41:59.535Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-6706 (GCVE-0-2008-6706)
Vulnerability from nvd – Published: 2009-04-10 15:00 – Updated: 2024-08-07 11:41
VLAI?
Summary
Multiple unspecified vulnerabilities in the Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, allow remote attackers to obtain (1) application server configuration, (2) database server configuration including encrypted passwords, (3) a system utility that decrypts "subscriber table passwords," (4) a system utility that decrypts database passwords, and (5) a system utility that encrypts "subscriber table passwords."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:41:59.544Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2008-1943",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1943/references"
},
{
"name": "30751",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30751"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm"
},
{
"name": "avaya-ses-tablepasswords-info-disclosure(43382)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43382"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.voipshield.com/research-details.php?id=81"
},
{
"name": "avaya-ses-databaseserver-info-disclosure(43388)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43388"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.voipshield.com/research-details.php?id=83"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.voipshield.com/research-details.php?id=82"
},
{
"name": "46602",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/46602"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.voipshield.com/research-details.php?id=85"
},
{
"name": "avaya-ses-databasepassword-info-disclosure(43387)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43387"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.voipshield.com/research-details.php?id=84"
},
{
"name": "29939",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29939"
},
{
"name": "avaya-ses-passwordencryption-info-disclosure(43383)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43383"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-06-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple unspecified vulnerabilities in the Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, allow remote attackers to obtain (1) application server configuration, (2) database server configuration including encrypted passwords, (3) a system utility that decrypts \"subscriber table passwords,\" (4) a system utility that decrypts database passwords, and (5) a system utility that encrypts \"subscriber table passwords.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2008-1943",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1943/references"
},
{
"name": "30751",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30751"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm"
},
{
"name": "avaya-ses-tablepasswords-info-disclosure(43382)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43382"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.voipshield.com/research-details.php?id=81"
},
{
"name": "avaya-ses-databaseserver-info-disclosure(43388)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43388"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.voipshield.com/research-details.php?id=83"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.voipshield.com/research-details.php?id=82"
},
{
"name": "46602",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/46602"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.voipshield.com/research-details.php?id=85"
},
{
"name": "avaya-ses-databasepassword-info-disclosure(43387)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43387"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.voipshield.com/research-details.php?id=84"
},
{
"name": "29939",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29939"
},
{
"name": "avaya-ses-passwordencryption-info-disclosure(43383)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43383"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6706",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in the Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, allow remote attackers to obtain (1) application server configuration, (2) database server configuration including encrypted passwords, (3) a system utility that decrypts \"subscriber table passwords,\" (4) a system utility that decrypts database passwords, and (5) a system utility that encrypts \"subscriber table passwords.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2008-1943",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1943/references"
},
{
"name": "30751",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30751"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm"
},
{
"name": "avaya-ses-tablepasswords-info-disclosure(43382)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43382"
},
{
"name": "http://www.voipshield.com/research-details.php?id=81",
"refsource": "MISC",
"url": "http://www.voipshield.com/research-details.php?id=81"
},
{
"name": "avaya-ses-databaseserver-info-disclosure(43388)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43388"
},
{
"name": "http://www.voipshield.com/research-details.php?id=83",
"refsource": "MISC",
"url": "http://www.voipshield.com/research-details.php?id=83"
},
{
"name": "http://www.voipshield.com/research-details.php?id=82",
"refsource": "MISC",
"url": "http://www.voipshield.com/research-details.php?id=82"
},
{
"name": "46602",
"refsource": "OSVDB",
"url": "http://osvdb.org/46602"
},
{
"name": "http://www.voipshield.com/research-details.php?id=85",
"refsource": "MISC",
"url": "http://www.voipshield.com/research-details.php?id=85"
},
{
"name": "avaya-ses-databasepassword-info-disclosure(43387)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43387"
},
{
"name": "http://www.voipshield.com/research-details.php?id=84",
"refsource": "MISC",
"url": "http://www.voipshield.com/research-details.php?id=84"
},
{
"name": "29939",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29939"
},
{
"name": "avaya-ses-passwordencryption-info-disclosure(43383)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43383"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6706",
"datePublished": "2009-04-10T15:00:00",
"dateReserved": "2009-04-10T00:00:00",
"dateUpdated": "2024-08-07T11:41:59.544Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-6709 (GCVE-0-2008-6709)
Vulnerability from nvd – Published: 2009-04-10 15:00 – Updated: 2024-08-07 11:41
VLAI?
Summary
Unspecified vulnerability in the Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, allows remote authenticated users to execute arbitrary commands via unknown vectors related to configuration of "local data viewing or restoring parameters."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:41:59.733Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2008-1943",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1943/references"
},
{
"name": "30751",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30751"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm"
},
{
"name": "46603",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/46603"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.voipshield.com/research-details.php?id=78"
},
{
"name": "avaya-ses-command-execution(43380)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43380"
},
{
"name": "29939",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29939"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-06-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, allows remote authenticated users to execute arbitrary commands via unknown vectors related to configuration of \"local data viewing or restoring parameters.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2008-1943",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1943/references"
},
{
"name": "30751",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30751"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm"
},
{
"name": "46603",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/46603"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.voipshield.com/research-details.php?id=78"
},
{
"name": "avaya-ses-command-execution(43380)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43380"
},
{
"name": "29939",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29939"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6709",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, allows remote authenticated users to execute arbitrary commands via unknown vectors related to configuration of \"local data viewing or restoring parameters.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2008-1943",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1943/references"
},
{
"name": "30751",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30751"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm"
},
{
"name": "46603",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/46603"
},
{
"name": "http://www.voipshield.com/research-details.php?id=78",
"refsource": "MISC",
"url": "http://www.voipshield.com/research-details.php?id=78"
},
{
"name": "avaya-ses-command-execution(43380)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43380"
},
{
"name": "29939",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29939"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6709",
"datePublished": "2009-04-10T15:00:00",
"dateReserved": "2009-04-10T00:00:00",
"dateUpdated": "2024-08-07T11:41:59.733Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-6710 (GCVE-0-2008-6710)
Vulnerability from nvd – Published: 2009-04-10 15:00 – Updated: 2024-08-07 11:42
VLAI?
Summary
Unspecified vulnerability in the Web administration interface in Avaya Communication Manager 3.1.x before CM 3.1.4 SP2 and 4.0.x before 4.0.3 SP1 allows remote authenticated administrators to gain root privileges via unknown vectors related to "configuring data viewing or restoring credentials."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:42:00.463Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2008-1944",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1944/references"
},
{
"name": "30799",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30799"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.voipshield.com/research-details.php?id=79"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-270.htm"
},
{
"name": "avaya-cm-interface-code-execution(43386)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43386"
},
{
"name": "29939",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29939"
},
{
"name": "46582",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/46582"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-06-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the Web administration interface in Avaya Communication Manager 3.1.x before CM 3.1.4 SP2 and 4.0.x before 4.0.3 SP1 allows remote authenticated administrators to gain root privileges via unknown vectors related to \"configuring data viewing or restoring credentials.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2008-1944",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1944/references"
},
{
"name": "30799",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30799"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.voipshield.com/research-details.php?id=79"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-270.htm"
},
{
"name": "avaya-cm-interface-code-execution(43386)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43386"
},
{
"name": "29939",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29939"
},
{
"name": "46582",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/46582"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6710",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Web administration interface in Avaya Communication Manager 3.1.x before CM 3.1.4 SP2 and 4.0.x before 4.0.3 SP1 allows remote authenticated administrators to gain root privileges via unknown vectors related to \"configuring data viewing or restoring credentials.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2008-1944",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1944/references"
},
{
"name": "30799",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30799"
},
{
"name": "http://www.voipshield.com/research-details.php?id=79",
"refsource": "MISC",
"url": "http://www.voipshield.com/research-details.php?id=79"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2008-270.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-270.htm"
},
{
"name": "avaya-cm-interface-code-execution(43386)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43386"
},
{
"name": "29939",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29939"
},
{
"name": "46582",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/46582"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6710",
"datePublished": "2009-04-10T15:00:00",
"dateReserved": "2009-04-10T00:00:00",
"dateUpdated": "2024-08-07T11:42:00.463Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-6707 (GCVE-0-2008-6707)
Vulnerability from nvd – Published: 2009-04-10 15:00 – Updated: 2024-08-07 11:42
VLAI?
Summary
The Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, does not perform authentication for certain functionality, which allows remote attackers to obtain sensitive information and access restricted functionality via (1) the certificate installation utility, (2) unspecified scripts in the objects folder, (3) an "unnecessary default application," (4) unspecified scripts in the states folder, (5) an unspecified "default application" that lists server configuration, and (6) "full system help."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:42:00.366Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2008-1943",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1943/references"
},
{
"name": "30751",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30751"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.voipshield.com/research-details.php?id=86"
},
{
"name": "avaya-ses-certificate-info-disclosure(43384)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43384"
},
{
"name": "46598",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/46598"
},
{
"name": "avaya-ses-statesfolder-code-execution(43393)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43393"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.voipshield.com/research-details.php?id=88"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.voipshield.com/research-details.php?id=90"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.voipshield.com/research-details.php?id=87"
},
{
"name": "avaya-ses-objectsfolder-code-execution(43381)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43381"
},
{
"name": "29939",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29939"
},
{
"name": "46599",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/46599"
},
{
"name": "46600",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/46600"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.voipshield.com/research-details.php?id=91"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.voipshield.com/research-details.php?id=89"
},
{
"name": "avaya-ses-application-info-disclosure(43394)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43394"
},
{
"name": "avaya-ses-help-information-disclosure(43395)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43395"
},
{
"name": "avaya-ses-application-unauth-access(43389)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43389"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-06-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, does not perform authentication for certain functionality, which allows remote attackers to obtain sensitive information and access restricted functionality via (1) the certificate installation utility, (2) unspecified scripts in the objects folder, (3) an \"unnecessary default application,\" (4) unspecified scripts in the states folder, (5) an unspecified \"default application\" that lists server configuration, and (6) \"full system help.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2008-1943",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1943/references"
},
{
"name": "30751",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30751"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.voipshield.com/research-details.php?id=86"
},
{
"name": "avaya-ses-certificate-info-disclosure(43384)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43384"
},
{
"name": "46598",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/46598"
},
{
"name": "avaya-ses-statesfolder-code-execution(43393)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43393"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.voipshield.com/research-details.php?id=88"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.voipshield.com/research-details.php?id=90"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.voipshield.com/research-details.php?id=87"
},
{
"name": "avaya-ses-objectsfolder-code-execution(43381)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43381"
},
{
"name": "29939",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29939"
},
{
"name": "46599",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/46599"
},
{
"name": "46600",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/46600"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.voipshield.com/research-details.php?id=91"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.voipshield.com/research-details.php?id=89"
},
{
"name": "avaya-ses-application-info-disclosure(43394)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43394"
},
{
"name": "avaya-ses-help-information-disclosure(43395)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43395"
},
{
"name": "avaya-ses-application-unauth-access(43389)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43389"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6707",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, does not perform authentication for certain functionality, which allows remote attackers to obtain sensitive information and access restricted functionality via (1) the certificate installation utility, (2) unspecified scripts in the objects folder, (3) an \"unnecessary default application,\" (4) unspecified scripts in the states folder, (5) an unspecified \"default application\" that lists server configuration, and (6) \"full system help.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2008-1943",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1943/references"
},
{
"name": "30751",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30751"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm"
},
{
"name": "http://www.voipshield.com/research-details.php?id=86",
"refsource": "MISC",
"url": "http://www.voipshield.com/research-details.php?id=86"
},
{
"name": "avaya-ses-certificate-info-disclosure(43384)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43384"
},
{
"name": "46598",
"refsource": "OSVDB",
"url": "http://osvdb.org/46598"
},
{
"name": "avaya-ses-statesfolder-code-execution(43393)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43393"
},
{
"name": "http://www.voipshield.com/research-details.php?id=88",
"refsource": "MISC",
"url": "http://www.voipshield.com/research-details.php?id=88"
},
{
"name": "http://www.voipshield.com/research-details.php?id=90",
"refsource": "MISC",
"url": "http://www.voipshield.com/research-details.php?id=90"
},
{
"name": "http://www.voipshield.com/research-details.php?id=87",
"refsource": "MISC",
"url": "http://www.voipshield.com/research-details.php?id=87"
},
{
"name": "avaya-ses-objectsfolder-code-execution(43381)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43381"
},
{
"name": "29939",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29939"
},
{
"name": "46599",
"refsource": "OSVDB",
"url": "http://osvdb.org/46599"
},
{
"name": "46600",
"refsource": "OSVDB",
"url": "http://osvdb.org/46600"
},
{
"name": "http://www.voipshield.com/research-details.php?id=91",
"refsource": "MISC",
"url": "http://www.voipshield.com/research-details.php?id=91"
},
{
"name": "http://www.voipshield.com/research-details.php?id=89",
"refsource": "MISC",
"url": "http://www.voipshield.com/research-details.php?id=89"
},
{
"name": "avaya-ses-application-info-disclosure(43394)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43394"
},
{
"name": "avaya-ses-help-information-disclosure(43395)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43395"
},
{
"name": "avaya-ses-application-unauth-access(43389)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43389"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6707",
"datePublished": "2009-04-10T15:00:00",
"dateReserved": "2009-04-10T00:00:00",
"dateUpdated": "2024-08-07T11:42:00.366Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-6711 (GCVE-0-2008-6711)
Vulnerability from nvd – Published: 2009-04-10 15:00 – Updated: 2024-08-07 11:41
VLAI?
Summary
Unspecified vulnerability in the Web administration interface in Avaya Communication Manager 3.1.x before CM 3.1.4 SP2 and 4.0.x before 4.0.3 SP1 allows remote authenticated users to execute arbitrary commands via unknown vectors related to "viewing system logs."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:41:59.631Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2008-1944",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1944/references"
},
{
"name": "30799",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30799"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.voipshield.com/research-details.php?id=80"
},
{
"name": "avaya-cm-log-command-execution(43391)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43391"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-270.htm"
},
{
"name": "29939",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29939"
},
{
"name": "46581",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/46581"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-06-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the Web administration interface in Avaya Communication Manager 3.1.x before CM 3.1.4 SP2 and 4.0.x before 4.0.3 SP1 allows remote authenticated users to execute arbitrary commands via unknown vectors related to \"viewing system logs.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2008-1944",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1944/references"
},
{
"name": "30799",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30799"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.voipshield.com/research-details.php?id=80"
},
{
"name": "avaya-cm-log-command-execution(43391)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43391"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-270.htm"
},
{
"name": "29939",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29939"
},
{
"name": "46581",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/46581"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6711",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Web administration interface in Avaya Communication Manager 3.1.x before CM 3.1.4 SP2 and 4.0.x before 4.0.3 SP1 allows remote authenticated users to execute arbitrary commands via unknown vectors related to \"viewing system logs.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2008-1944",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1944/references"
},
{
"name": "30799",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30799"
},
{
"name": "http://www.voipshield.com/research-details.php?id=80",
"refsource": "MISC",
"url": "http://www.voipshield.com/research-details.php?id=80"
},
{
"name": "avaya-cm-log-command-execution(43391)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43391"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2008-270.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-270.htm"
},
{
"name": "29939",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29939"
},
{
"name": "46581",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/46581"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6711",
"datePublished": "2009-04-10T15:00:00",
"dateReserved": "2009-04-10T00:00:00",
"dateUpdated": "2024-08-07T11:41:59.631Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-6575 (GCVE-0-2008-6575)
Vulnerability from nvd – Published: 2009-04-01 22:00 – Updated: 2024-08-07 11:34
VLAI?
Summary
Unspecified vulnerability in the SIP server in SIP Enablement Services (SES) in Avaya Communication Manager 3.1.x and 4.x allows remote authenticated users to cause a denial of service (resource consumption) via unknown vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:34:47.121Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "avaya-ses-unspecified-dos(49849)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49849"
},
{
"name": "avaya-ses-unspecified-unauthorized-access(41734)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41734"
},
{
"name": "44287",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/44287"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.voipshield.com/research-details.php?id=23"
},
{
"name": "29744",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29744"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-04-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the SIP server in SIP Enablement Services (SES) in Avaya Communication Manager 3.1.x and 4.x allows remote authenticated users to cause a denial of service (resource consumption) via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "avaya-ses-unspecified-dos(49849)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49849"
},
{
"name": "avaya-ses-unspecified-unauthorized-access(41734)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41734"
},
{
"name": "44287",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/44287"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.voipshield.com/research-details.php?id=23"
},
{
"name": "29744",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29744"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6575",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the SIP server in SIP Enablement Services (SES) in Avaya Communication Manager 3.1.x and 4.x allows remote authenticated users to cause a denial of service (resource consumption) via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "avaya-ses-unspecified-dos(49849)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49849"
},
{
"name": "avaya-ses-unspecified-unauthorized-access(41734)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41734"
},
{
"name": "44287",
"refsource": "OSVDB",
"url": "http://osvdb.org/44287"
},
{
"name": "http://www.voipshield.com/research-details.php?id=23",
"refsource": "MISC",
"url": "http://www.voipshield.com/research-details.php?id=23"
},
{
"name": "29744",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29744"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6575",
"datePublished": "2009-04-01T22:00:00",
"dateReserved": "2009-04-01T00:00:00",
"dateUpdated": "2024-08-07T11:34:47.121Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-6573 (GCVE-0-2008-6573)
Vulnerability from nvd – Published: 2009-04-01 22:00 – Updated: 2024-08-07 11:34
VLAI?
Summary
Multiple SQL injection vulnerabilities in Avaya SIP Enablement Services (SES) in Avaya Avaya Communication Manager 3.x, 4.0, and 5.0 (1) allow remote attackers to execute arbitrary SQL commands via unspecified vectors related to profiles in the SIP Personal Information Manager (SPIM) in the web interface; and allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to (2) permissions for SPIM profiles in the web interface and (3) a crafted SIP request to the SIP server.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:34:47.182Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.voipshield.com/research-details.php?id=25"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.voipshield.com/research-details.php?id=26"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.voipshield.com/research-details.php?id=22"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-151.htm"
},
{
"name": "44286",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/44286"
},
{
"name": "avaya-ses-sip-sql-injection(41733)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41733"
},
{
"name": "28682",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28682"
},
{
"name": "avaya-ses-spim-sql-injection(41730)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41730"
},
{
"name": "44284",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/44284"
},
{
"name": "44285",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/44285"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-150.htm"
},
{
"name": "29744",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29744"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-04-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in Avaya SIP Enablement Services (SES) in Avaya Avaya Communication Manager 3.x, 4.0, and 5.0 (1) allow remote attackers to execute arbitrary SQL commands via unspecified vectors related to profiles in the SIP Personal Information Manager (SPIM) in the web interface; and allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to (2) permissions for SPIM profiles in the web interface and (3) a crafted SIP request to the SIP server."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.voipshield.com/research-details.php?id=25"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.voipshield.com/research-details.php?id=26"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.voipshield.com/research-details.php?id=22"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-151.htm"
},
{
"name": "44286",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/44286"
},
{
"name": "avaya-ses-sip-sql-injection(41733)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41733"
},
{
"name": "28682",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28682"
},
{
"name": "avaya-ses-spim-sql-injection(41730)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41730"
},
{
"name": "44284",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/44284"
},
{
"name": "44285",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/44285"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-150.htm"
},
{
"name": "29744",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29744"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6573",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in Avaya SIP Enablement Services (SES) in Avaya Avaya Communication Manager 3.x, 4.0, and 5.0 (1) allow remote attackers to execute arbitrary SQL commands via unspecified vectors related to profiles in the SIP Personal Information Manager (SPIM) in the web interface; and allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to (2) permissions for SPIM profiles in the web interface and (3) a crafted SIP request to the SIP server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.voipshield.com/research-details.php?id=25",
"refsource": "MISC",
"url": "http://www.voipshield.com/research-details.php?id=25"
},
{
"name": "http://www.voipshield.com/research-details.php?id=26",
"refsource": "MISC",
"url": "http://www.voipshield.com/research-details.php?id=26"
},
{
"name": "http://www.voipshield.com/research-details.php?id=22",
"refsource": "MISC",
"url": "http://www.voipshield.com/research-details.php?id=22"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2008-151.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-151.htm"
},
{
"name": "44286",
"refsource": "OSVDB",
"url": "http://osvdb.org/44286"
},
{
"name": "avaya-ses-sip-sql-injection(41733)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41733"
},
{
"name": "28682",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28682"
},
{
"name": "avaya-ses-spim-sql-injection(41730)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41730"
},
{
"name": "44284",
"refsource": "OSVDB",
"url": "http://osvdb.org/44284"
},
{
"name": "44285",
"refsource": "OSVDB",
"url": "http://osvdb.org/44285"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2008-150.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-150.htm"
},
{
"name": "29744",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29744"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6573",
"datePublished": "2009-04-01T22:00:00",
"dateReserved": "2009-04-01T00:00:00",
"dateUpdated": "2024-08-07T11:34:47.182Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-6574 (GCVE-0-2008-6574)
Vulnerability from nvd – Published: 2009-04-01 22:00 – Updated: 2024-08-07 11:34
VLAI?
Summary
Unspecified vulnerability in SIP Enablement Services (SES) in Avaya Communication Manager 3.1.x and 4.x allows remote attackers to gain privileges and cause a denial of service via unknown vectors related to reuse of valid credentials.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:34:47.075Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "avaya-ses-unspecified-unauthorized-access(41734)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41734"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.voipshield.com/research-details.php?id=24"
},
{
"name": "28687",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28687"
},
{
"name": "44288",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/44288"
},
{
"name": "29744",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29744"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-04-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in SIP Enablement Services (SES) in Avaya Communication Manager 3.1.x and 4.x allows remote attackers to gain privileges and cause a denial of service via unknown vectors related to reuse of valid credentials."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "avaya-ses-unspecified-unauthorized-access(41734)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41734"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.voipshield.com/research-details.php?id=24"
},
{
"name": "28687",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28687"
},
{
"name": "44288",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/44288"
},
{
"name": "29744",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29744"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6574",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in SIP Enablement Services (SES) in Avaya Communication Manager 3.1.x and 4.x allows remote attackers to gain privileges and cause a denial of service via unknown vectors related to reuse of valid credentials."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "avaya-ses-unspecified-unauthorized-access(41734)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41734"
},
{
"name": "http://www.voipshield.com/research-details.php?id=24",
"refsource": "MISC",
"url": "http://www.voipshield.com/research-details.php?id=24"
},
{
"name": "28687",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28687"
},
{
"name": "44288",
"refsource": "OSVDB",
"url": "http://osvdb.org/44288"
},
{
"name": "29744",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29744"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6574",
"datePublished": "2009-04-01T22:00:00",
"dateReserved": "2009-04-01T00:00:00",
"dateUpdated": "2024-08-07T11:34:47.075Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}