Vulnerabilites related to avaya - communication_manager
cve-2004-1082
Vulnerability from cvelistv5
Published
2005-04-21 04:00
Modified
2024-08-08 00:39
Severity ?
EPSS score ?
Summary
mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/18347 | vdb-entry, x_refsource_XF | |
| http://lists.apple.com/archives/security-announce/2004/Dec/msg00000.html | vendor-advisory, x_refsource_APPLE | |
| http://www.securitytracker.com/alerts/2004/Dec/1012414.html | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/9571 | vdb-entry, x_refsource_BID | |
| http://www.ciac.org/ciac/bulletins/p-049.shtml | third-party-advisory, government-resource, x_refsource_CIAC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:39:00.872Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "macos-moddigest-response-replay(18347)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18347"
},
{
"name": "APPLE-SA-2004-12-02",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2004/Dec/msg00000.html"
},
{
"name": "1012414",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/alerts/2004/Dec/1012414.html"
},
{
"name": "9571",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/9571"
},
{
"name": "P-049",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC",
"x_transferred"
],
"url": "http://www.ciac.org/ciac/bulletins/p-049.shtml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-12-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "macos-moddigest-response-replay(18347)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18347"
},
{
"name": "APPLE-SA-2004-12-02",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2004/Dec/msg00000.html"
},
{
"name": "1012414",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/alerts/2004/Dec/1012414.html"
},
{
"name": "9571",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/9571"
},
{
"name": "P-049",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC"
],
"url": "http://www.ciac.org/ciac/bulletins/p-049.shtml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1082",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "macos-moddigest-response-replay(18347)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18347"
},
{
"name": "APPLE-SA-2004-12-02",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2004/Dec/msg00000.html"
},
{
"name": "1012414",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/alerts/2004/Dec/1012414.html"
},
{
"name": "9571",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9571"
},
{
"name": "P-049",
"refsource": "CIAC",
"url": "http://www.ciac.org/ciac/bulletins/p-049.shtml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1082",
"datePublished": "2005-04-21T04:00:00",
"dateReserved": "2004-11-30T00:00:00",
"dateUpdated": "2024-08-08T00:39:00.872Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-6711
Vulnerability from cvelistv5
Published
2009-04-10 15:00
Modified
2024-08-07 11:41
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in the Web administration interface in Avaya Communication Manager 3.1.x before CM 3.1.4 SP2 and 4.0.x before 4.0.3 SP1 allows remote authenticated users to execute arbitrary commands via unknown vectors related to "viewing system logs."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.vupen.com/english/advisories/2008/1944/references | vdb-entry, x_refsource_VUPEN | |
| http://secunia.com/advisories/30799 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.voipshield.com/research-details.php?id=80 | x_refsource_MISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/43391 | vdb-entry, x_refsource_XF | |
| http://support.avaya.com/elmodocs2/security/ASA-2008-270.htm | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/29939 | vdb-entry, x_refsource_BID | |
| http://www.osvdb.org/46581 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:41:59.631Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2008-1944",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1944/references"
},
{
"name": "30799",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30799"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.voipshield.com/research-details.php?id=80"
},
{
"name": "avaya-cm-log-command-execution(43391)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43391"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-270.htm"
},
{
"name": "29939",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29939"
},
{
"name": "46581",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/46581"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-06-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the Web administration interface in Avaya Communication Manager 3.1.x before CM 3.1.4 SP2 and 4.0.x before 4.0.3 SP1 allows remote authenticated users to execute arbitrary commands via unknown vectors related to \"viewing system logs.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2008-1944",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1944/references"
},
{
"name": "30799",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30799"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.voipshield.com/research-details.php?id=80"
},
{
"name": "avaya-cm-log-command-execution(43391)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43391"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-270.htm"
},
{
"name": "29939",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29939"
},
{
"name": "46581",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/46581"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6711",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Web administration interface in Avaya Communication Manager 3.1.x before CM 3.1.4 SP2 and 4.0.x before 4.0.3 SP1 allows remote authenticated users to execute arbitrary commands via unknown vectors related to \"viewing system logs.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2008-1944",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1944/references"
},
{
"name": "30799",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30799"
},
{
"name": "http://www.voipshield.com/research-details.php?id=80",
"refsource": "MISC",
"url": "http://www.voipshield.com/research-details.php?id=80"
},
{
"name": "avaya-cm-log-command-execution(43391)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43391"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2008-270.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-270.htm"
},
{
"name": "29939",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29939"
},
{
"name": "46581",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/46581"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6711",
"datePublished": "2009-04-10T15:00:00",
"dateReserved": "2009-04-10T00:00:00",
"dateUpdated": "2024-08-07T11:41:59.631Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-6709
Vulnerability from cvelistv5
Published
2009-04-10 15:00
Modified
2024-08-07 11:41
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in the Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, allows remote authenticated users to execute arbitrary commands via unknown vectors related to configuration of "local data viewing or restoring parameters."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.vupen.com/english/advisories/2008/1943/references | vdb-entry, x_refsource_VUPEN | |
| http://secunia.com/advisories/30751 | third-party-advisory, x_refsource_SECUNIA | |
| http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm | x_refsource_CONFIRM | |
| http://www.osvdb.org/46603 | vdb-entry, x_refsource_OSVDB | |
| http://www.voipshield.com/research-details.php?id=78 | x_refsource_MISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/43380 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/29939 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:41:59.733Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2008-1943",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1943/references"
},
{
"name": "30751",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30751"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm"
},
{
"name": "46603",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/46603"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.voipshield.com/research-details.php?id=78"
},
{
"name": "avaya-ses-command-execution(43380)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43380"
},
{
"name": "29939",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29939"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-06-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, allows remote authenticated users to execute arbitrary commands via unknown vectors related to configuration of \"local data viewing or restoring parameters.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2008-1943",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1943/references"
},
{
"name": "30751",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30751"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm"
},
{
"name": "46603",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/46603"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.voipshield.com/research-details.php?id=78"
},
{
"name": "avaya-ses-command-execution(43380)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43380"
},
{
"name": "29939",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29939"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6709",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, allows remote authenticated users to execute arbitrary commands via unknown vectors related to configuration of \"local data viewing or restoring parameters.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2008-1943",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1943/references"
},
{
"name": "30751",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30751"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm"
},
{
"name": "46603",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/46603"
},
{
"name": "http://www.voipshield.com/research-details.php?id=78",
"refsource": "MISC",
"url": "http://www.voipshield.com/research-details.php?id=78"
},
{
"name": "avaya-ses-command-execution(43380)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43380"
},
{
"name": "29939",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29939"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6709",
"datePublished": "2009-04-10T15:00:00",
"dateReserved": "2009-04-10T00:00:00",
"dateUpdated": "2024-08-07T11:41:59.733Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-2812
Vulnerability from cvelistv5
Published
2008-07-09 00:00
Modified
2024-08-07 09:14
Severity ?
EPSS score ?
Summary
The Linux kernel before 2.6.25.10 does not properly perform tty operations, which allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving NULL pointer dereference of function pointers in (1) hamradio/6pack.c, (2) hamradio/mkiss.c, (3) irda/irtty-sir.c, (4) ppp_async.c, (5) ppp_synctty.c, (6) slip.c, (7) wan/x25_asy.c, and (8) wireless/strip.c in drivers/net/.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:14:14.939Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SUSE-SA:2008:047",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00000.html"
},
{
"name": "DSA-1630",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1630"
},
{
"name": "ADV-2008-2063",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2063/references"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.25.y.git%3Ba=commitdiff%3Bh=2a739dd53ad7ee010ae6e155438507f329dce788"
},
{
"name": "SUSE-SA:2008:038",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00012.html"
},
{
"name": "USN-637-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/637-1/"
},
{
"name": "SUSE-SA:2008:035",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00007.html"
},
{
"name": "[oss-security] 20080703 2.6.25.10 security fixes, please assign CVE id",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/07/03/2"
},
{
"name": "31614",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31614"
},
{
"name": "31685",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31685"
},
{
"name": "31341",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31341"
},
{
"name": "SUSE-SA:2008:052",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00008.html"
},
{
"name": "30982",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30982"
},
{
"name": "oval:org.mitre.oval:def:11632",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11632"
},
{
"name": "31551",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31551"
},
{
"name": "RHSA-2008:0665",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0665.html"
},
{
"name": "32103",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32103"
},
{
"name": "31048",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31048"
},
{
"name": "30076",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30076"
},
{
"name": "32759",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32759"
},
{
"name": "kernel-tty-dos(43687)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43687"
},
{
"name": "SUSE-SA:2008:037",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00009.html"
},
{
"name": "32370",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32370"
},
{
"name": "RHSA-2008:0973",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0973.html"
},
{
"name": "RHSA-2008:0612",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0612.html"
},
{
"name": "31202",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31202"
},
{
"name": "oval:org.mitre.oval:def:6633",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6633"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.10"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-365.htm"
},
{
"name": "SUSE-SA:2008:049",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00003.html"
},
{
"name": "SUSE-SR:2008:025",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html"
},
{
"name": "33201",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33201"
},
{
"name": "31229",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31229"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-07-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Linux kernel before 2.6.25.10 does not properly perform tty operations, which allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving NULL pointer dereference of function pointers in (1) hamradio/6pack.c, (2) hamradio/mkiss.c, (3) irda/irtty-sir.c, (4) ppp_async.c, (5) ppp_synctty.c, (6) slip.c, (7) wan/x25_asy.c, and (8) wireless/strip.c in drivers/net/."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-03T20:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "SUSE-SA:2008:047",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00000.html"
},
{
"name": "DSA-1630",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1630"
},
{
"name": "ADV-2008-2063",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2063/references"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.25.y.git%3Ba=commitdiff%3Bh=2a739dd53ad7ee010ae6e155438507f329dce788"
},
{
"name": "SUSE-SA:2008:038",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00012.html"
},
{
"name": "USN-637-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/637-1/"
},
{
"name": "SUSE-SA:2008:035",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00007.html"
},
{
"name": "[oss-security] 20080703 2.6.25.10 security fixes, please assign CVE id",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/07/03/2"
},
{
"name": "31614",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31614"
},
{
"name": "31685",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31685"
},
{
"name": "31341",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31341"
},
{
"name": "SUSE-SA:2008:052",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00008.html"
},
{
"name": "30982",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30982"
},
{
"name": "oval:org.mitre.oval:def:11632",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11632"
},
{
"name": "31551",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31551"
},
{
"name": "RHSA-2008:0665",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0665.html"
},
{
"name": "32103",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32103"
},
{
"name": "31048",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31048"
},
{
"name": "30076",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30076"
},
{
"name": "32759",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32759"
},
{
"name": "kernel-tty-dos(43687)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43687"
},
{
"name": "SUSE-SA:2008:037",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00009.html"
},
{
"name": "32370",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32370"
},
{
"name": "RHSA-2008:0973",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0973.html"
},
{
"name": "RHSA-2008:0612",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0612.html"
},
{
"name": "31202",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31202"
},
{
"name": "oval:org.mitre.oval:def:6633",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6633"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.10"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-365.htm"
},
{
"name": "SUSE-SA:2008:049",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00003.html"
},
{
"name": "SUSE-SR:2008:025",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html"
},
{
"name": "33201",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33201"
},
{
"name": "31229",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31229"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2008-2812",
"datePublished": "2008-07-09T00:00:00",
"dateReserved": "2008-06-20T00:00:00",
"dateUpdated": "2024-08-07T09:14:14.939Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-6575
Vulnerability from cvelistv5
Published
2009-04-01 22:00
Modified
2024-08-07 11:34
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in the SIP server in SIP Enablement Services (SES) in Avaya Communication Manager 3.1.x and 4.x allows remote authenticated users to cause a denial of service (resource consumption) via unknown vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/49849 | vdb-entry, x_refsource_XF | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/41734 | vdb-entry, x_refsource_XF | |
| http://osvdb.org/44287 | vdb-entry, x_refsource_OSVDB | |
| http://www.voipshield.com/research-details.php?id=23 | x_refsource_MISC | |
| http://secunia.com/advisories/29744 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:34:47.121Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "avaya-ses-unspecified-dos(49849)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49849"
},
{
"name": "avaya-ses-unspecified-unauthorized-access(41734)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41734"
},
{
"name": "44287",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/44287"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.voipshield.com/research-details.php?id=23"
},
{
"name": "29744",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29744"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-04-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the SIP server in SIP Enablement Services (SES) in Avaya Communication Manager 3.1.x and 4.x allows remote authenticated users to cause a denial of service (resource consumption) via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "avaya-ses-unspecified-dos(49849)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49849"
},
{
"name": "avaya-ses-unspecified-unauthorized-access(41734)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41734"
},
{
"name": "44287",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/44287"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.voipshield.com/research-details.php?id=23"
},
{
"name": "29744",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29744"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6575",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the SIP server in SIP Enablement Services (SES) in Avaya Communication Manager 3.1.x and 4.x allows remote authenticated users to cause a denial of service (resource consumption) via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "avaya-ses-unspecified-dos(49849)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49849"
},
{
"name": "avaya-ses-unspecified-unauthorized-access(41734)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41734"
},
{
"name": "44287",
"refsource": "OSVDB",
"url": "http://osvdb.org/44287"
},
{
"name": "http://www.voipshield.com/research-details.php?id=23",
"refsource": "MISC",
"url": "http://www.voipshield.com/research-details.php?id=23"
},
{
"name": "29744",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29744"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6575",
"datePublished": "2009-04-01T22:00:00",
"dateReserved": "2009-04-01T00:00:00",
"dateUpdated": "2024-08-07T11:34:47.121Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-1490
Vulnerability from cvelistv5
Published
2007-03-16 22:00
Modified
2024-08-07 12:59
Severity ?
EPSS score ?
Summary
Unspecified maintenance web pages in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allow remote authenticated users to execute arbitrary commands via shell metacharacters in unspecified vectors (aka "shell command injection").
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/24434 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.osvdb.org/33300 | vdb-entry, x_refsource_OSVDB | |
| http://support.avaya.com/elmodocs2/security/ASA-2007-052.htm | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:59:08.559Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "24434",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24434"
},
{
"name": "33300",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/33300"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-052.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-03-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified maintenance web pages in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allow remote authenticated users to execute arbitrary commands via shell metacharacters in unspecified vectors (aka \"shell command injection\")."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-03-31T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "24434",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24434"
},
{
"name": "33300",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/33300"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-052.htm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1490",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified maintenance web pages in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allow remote authenticated users to execute arbitrary commands via shell metacharacters in unspecified vectors (aka \"shell command injection\")."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "24434",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24434"
},
{
"name": "33300",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/33300"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2007-052.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-052.htm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-1490",
"datePublished": "2007-03-16T22:00:00",
"dateReserved": "2007-03-16T00:00:00",
"dateUpdated": "2024-08-07T12:59:08.559Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-5710
Vulnerability from cvelistv5
Published
2008-12-24 17:00
Modified
2024-08-07 11:04
Severity ?
EPSS score ?
Summary
Multiple unspecified vulnerabilities in the web management interface in Avaya Communication Manager (CM) 3.1.x, 4.0.3, and 5.x allow remote attackers to read (1) configuration files, (2) log files, (3) binary image files, and (4) help files via unknown vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.vupen.com/english/advisories/2008/2774 | vdb-entry, x_refsource_VUPEN | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/45750 | vdb-entry, x_refsource_XF | |
| http://secunia.com/advisories/32035 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.voipshield.com/research-details.php?id=123 | x_refsource_MISC | |
| http://www.securityfocus.com/bid/31639 | vdb-entry, x_refsource_BID | |
| http://support.avaya.com/elmodocs2/security/ASA-2008-394.htm | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:04:44.172Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2008-2774",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2774"
},
{
"name": "avaya-cm-configuration-info-disclosure(45750)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45750"
},
{
"name": "32035",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32035"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.voipshield.com/research-details.php?id=123"
},
{
"name": "31639",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31639"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-394.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-10-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple unspecified vulnerabilities in the web management interface in Avaya Communication Manager (CM) 3.1.x, 4.0.3, and 5.x allow remote attackers to read (1) configuration files, (2) log files, (3) binary image files, and (4) help files via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2008-2774",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2774"
},
{
"name": "avaya-cm-configuration-info-disclosure(45750)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45750"
},
{
"name": "32035",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32035"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.voipshield.com/research-details.php?id=123"
},
{
"name": "31639",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31639"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-394.htm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5710",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in the web management interface in Avaya Communication Manager (CM) 3.1.x, 4.0.3, and 5.x allow remote attackers to read (1) configuration files, (2) log files, (3) binary image files, and (4) help files via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2008-2774",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2774"
},
{
"name": "avaya-cm-configuration-info-disclosure(45750)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45750"
},
{
"name": "32035",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32035"
},
{
"name": "http://www.voipshield.com/research-details.php?id=123",
"refsource": "MISC",
"url": "http://www.voipshield.com/research-details.php?id=123"
},
{
"name": "31639",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31639"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2008-394.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-394.htm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-5710",
"datePublished": "2008-12-24T17:00:00",
"dateReserved": "2008-12-24T00:00:00",
"dateUpdated": "2024-08-07T11:04:44.172Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-6708
Vulnerability from cvelistv5
Published
2009-04-10 15:00
Modified
2024-08-07 11:41
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in the Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x and 4.x, allows remote authenticated administrators to gain root privileges via unknown vectors related to configuration of "data viewing or restoring parameters."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.vupen.com/english/advisories/2008/1943/references | vdb-entry, x_refsource_VUPEN | |
| http://secunia.com/advisories/30751 | third-party-advisory, x_refsource_SECUNIA | |
| http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/43390 | vdb-entry, x_refsource_XF | |
| http://www.voipshield.com/research-details.php?id=77 | x_refsource_MISC | |
| http://www.securityfocus.com/bid/29939 | vdb-entry, x_refsource_BID | |
| http://osvdb.org/46604 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:41:59.535Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2008-1943",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1943/references"
},
{
"name": "30751",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30751"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm"
},
{
"name": "avaya-ses-parameters-code-execution(43390)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43390"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.voipshield.com/research-details.php?id=77"
},
{
"name": "29939",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29939"
},
{
"name": "46604",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/46604"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-06-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x and 4.x, allows remote authenticated administrators to gain root privileges via unknown vectors related to configuration of \"data viewing or restoring parameters.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2008-1943",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1943/references"
},
{
"name": "30751",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30751"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm"
},
{
"name": "avaya-ses-parameters-code-execution(43390)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43390"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.voipshield.com/research-details.php?id=77"
},
{
"name": "29939",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29939"
},
{
"name": "46604",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/46604"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6708",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x and 4.x, allows remote authenticated administrators to gain root privileges via unknown vectors related to configuration of \"data viewing or restoring parameters.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2008-1943",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1943/references"
},
{
"name": "30751",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30751"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm"
},
{
"name": "avaya-ses-parameters-code-execution(43390)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43390"
},
{
"name": "http://www.voipshield.com/research-details.php?id=77",
"refsource": "MISC",
"url": "http://www.voipshield.com/research-details.php?id=77"
},
{
"name": "29939",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29939"
},
{
"name": "46604",
"refsource": "OSVDB",
"url": "http://osvdb.org/46604"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6708",
"datePublished": "2009-04-10T15:00:00",
"dateReserved": "2009-04-10T00:00:00",
"dateUpdated": "2024-08-07T11:41:59.535Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-5709
Vulnerability from cvelistv5
Published
2008-12-24 17:00
Modified
2024-08-07 11:04
Severity ?
EPSS score ?
Summary
Multiple unspecified vulnerabilities in the web management interface in Avaya Communication Manager (CM) 3.1 before 3.1.4 SP2, 4.0 before 4.0.3 SP1, and 5.0 before 5.0 SP3 allow remote authenticated users to execute arbitrary code via unknown attack vectors in the (1) Set Static Routes and (2) Backup History components.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/45747 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/31645 | vdb-entry, x_refsource_BID | |
| http://www.vupen.com/english/advisories/2008/2772 | vdb-entry, x_refsource_VUPEN | |
| http://www.voipshield.com/research-details.php?id=122 | x_refsource_MISC | |
| http://secunia.com/advisories/32204 | third-party-advisory, x_refsource_SECUNIA | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/45749 | vdb-entry, x_refsource_XF | |
| http://www.voipshield.com/research-details.php?id=121 | x_refsource_MISC | |
| http://support.avaya.com/elmodocs2/security/ASA-2008-391.htm | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:04:43.568Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "avaya-cm-backuphistory-cmd-execution(45747)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45747"
},
{
"name": "31645",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31645"
},
{
"name": "ADV-2008-2772",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2772"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.voipshield.com/research-details.php?id=122"
},
{
"name": "32204",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32204"
},
{
"name": "avaya-cm-setstatic-command-execution(45749)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45749"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.voipshield.com/research-details.php?id=121"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-391.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-10-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple unspecified vulnerabilities in the web management interface in Avaya Communication Manager (CM) 3.1 before 3.1.4 SP2, 4.0 before 4.0.3 SP1, and 5.0 before 5.0 SP3 allow remote authenticated users to execute arbitrary code via unknown attack vectors in the (1) Set Static Routes and (2) Backup History components."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "avaya-cm-backuphistory-cmd-execution(45747)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45747"
},
{
"name": "31645",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31645"
},
{
"name": "ADV-2008-2772",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2772"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.voipshield.com/research-details.php?id=122"
},
{
"name": "32204",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32204"
},
{
"name": "avaya-cm-setstatic-command-execution(45749)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45749"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.voipshield.com/research-details.php?id=121"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-391.htm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5709",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in the web management interface in Avaya Communication Manager (CM) 3.1 before 3.1.4 SP2, 4.0 before 4.0.3 SP1, and 5.0 before 5.0 SP3 allow remote authenticated users to execute arbitrary code via unknown attack vectors in the (1) Set Static Routes and (2) Backup History components."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "avaya-cm-backuphistory-cmd-execution(45747)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45747"
},
{
"name": "31645",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31645"
},
{
"name": "ADV-2008-2772",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2772"
},
{
"name": "http://www.voipshield.com/research-details.php?id=122",
"refsource": "MISC",
"url": "http://www.voipshield.com/research-details.php?id=122"
},
{
"name": "32204",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32204"
},
{
"name": "avaya-cm-setstatic-command-execution(45749)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45749"
},
{
"name": "http://www.voipshield.com/research-details.php?id=121",
"refsource": "MISC",
"url": "http://www.voipshield.com/research-details.php?id=121"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2008-391.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-391.htm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-5709",
"datePublished": "2008-12-24T17:00:00",
"dateReserved": "2008-12-24T00:00:00",
"dateUpdated": "2024-08-07T11:04:43.568Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-6706
Vulnerability from cvelistv5
Published
2009-04-10 15:00
Modified
2024-08-07 11:41
Severity ?
EPSS score ?
Summary
Multiple unspecified vulnerabilities in the Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, allow remote attackers to obtain (1) application server configuration, (2) database server configuration including encrypted passwords, (3) a system utility that decrypts "subscriber table passwords," (4) a system utility that decrypts database passwords, and (5) a system utility that encrypts "subscriber table passwords."
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:41:59.544Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2008-1943",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1943/references"
},
{
"name": "30751",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30751"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm"
},
{
"name": "avaya-ses-tablepasswords-info-disclosure(43382)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43382"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.voipshield.com/research-details.php?id=81"
},
{
"name": "avaya-ses-databaseserver-info-disclosure(43388)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43388"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.voipshield.com/research-details.php?id=83"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.voipshield.com/research-details.php?id=82"
},
{
"name": "46602",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/46602"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.voipshield.com/research-details.php?id=85"
},
{
"name": "avaya-ses-databasepassword-info-disclosure(43387)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43387"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.voipshield.com/research-details.php?id=84"
},
{
"name": "29939",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29939"
},
{
"name": "avaya-ses-passwordencryption-info-disclosure(43383)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43383"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-06-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple unspecified vulnerabilities in the Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, allow remote attackers to obtain (1) application server configuration, (2) database server configuration including encrypted passwords, (3) a system utility that decrypts \"subscriber table passwords,\" (4) a system utility that decrypts database passwords, and (5) a system utility that encrypts \"subscriber table passwords.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2008-1943",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1943/references"
},
{
"name": "30751",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30751"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm"
},
{
"name": "avaya-ses-tablepasswords-info-disclosure(43382)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43382"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.voipshield.com/research-details.php?id=81"
},
{
"name": "avaya-ses-databaseserver-info-disclosure(43388)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43388"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.voipshield.com/research-details.php?id=83"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.voipshield.com/research-details.php?id=82"
},
{
"name": "46602",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/46602"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.voipshield.com/research-details.php?id=85"
},
{
"name": "avaya-ses-databasepassword-info-disclosure(43387)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43387"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.voipshield.com/research-details.php?id=84"
},
{
"name": "29939",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29939"
},
{
"name": "avaya-ses-passwordencryption-info-disclosure(43383)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43383"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6706",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in the Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, allow remote attackers to obtain (1) application server configuration, (2) database server configuration including encrypted passwords, (3) a system utility that decrypts \"subscriber table passwords,\" (4) a system utility that decrypts database passwords, and (5) a system utility that encrypts \"subscriber table passwords.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2008-1943",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1943/references"
},
{
"name": "30751",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30751"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm"
},
{
"name": "avaya-ses-tablepasswords-info-disclosure(43382)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43382"
},
{
"name": "http://www.voipshield.com/research-details.php?id=81",
"refsource": "MISC",
"url": "http://www.voipshield.com/research-details.php?id=81"
},
{
"name": "avaya-ses-databaseserver-info-disclosure(43388)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43388"
},
{
"name": "http://www.voipshield.com/research-details.php?id=83",
"refsource": "MISC",
"url": "http://www.voipshield.com/research-details.php?id=83"
},
{
"name": "http://www.voipshield.com/research-details.php?id=82",
"refsource": "MISC",
"url": "http://www.voipshield.com/research-details.php?id=82"
},
{
"name": "46602",
"refsource": "OSVDB",
"url": "http://osvdb.org/46602"
},
{
"name": "http://www.voipshield.com/research-details.php?id=85",
"refsource": "MISC",
"url": "http://www.voipshield.com/research-details.php?id=85"
},
{
"name": "avaya-ses-databasepassword-info-disclosure(43387)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43387"
},
{
"name": "http://www.voipshield.com/research-details.php?id=84",
"refsource": "MISC",
"url": "http://www.voipshield.com/research-details.php?id=84"
},
{
"name": "29939",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29939"
},
{
"name": "avaya-ses-passwordencryption-info-disclosure(43383)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43383"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6706",
"datePublished": "2009-04-10T15:00:00",
"dateReserved": "2009-04-10T00:00:00",
"dateUpdated": "2024-08-07T11:41:59.544Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-6707
Vulnerability from cvelistv5
Published
2009-04-10 15:00
Modified
2024-08-07 11:42
Severity ?
EPSS score ?
Summary
The Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, does not perform authentication for certain functionality, which allows remote attackers to obtain sensitive information and access restricted functionality via (1) the certificate installation utility, (2) unspecified scripts in the objects folder, (3) an "unnecessary default application," (4) unspecified scripts in the states folder, (5) an unspecified "default application" that lists server configuration, and (6) "full system help."
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:42:00.366Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2008-1943",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1943/references"
},
{
"name": "30751",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30751"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.voipshield.com/research-details.php?id=86"
},
{
"name": "avaya-ses-certificate-info-disclosure(43384)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43384"
},
{
"name": "46598",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/46598"
},
{
"name": "avaya-ses-statesfolder-code-execution(43393)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43393"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.voipshield.com/research-details.php?id=88"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.voipshield.com/research-details.php?id=90"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.voipshield.com/research-details.php?id=87"
},
{
"name": "avaya-ses-objectsfolder-code-execution(43381)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43381"
},
{
"name": "29939",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29939"
},
{
"name": "46599",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/46599"
},
{
"name": "46600",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/46600"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.voipshield.com/research-details.php?id=91"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.voipshield.com/research-details.php?id=89"
},
{
"name": "avaya-ses-application-info-disclosure(43394)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43394"
},
{
"name": "avaya-ses-help-information-disclosure(43395)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43395"
},
{
"name": "avaya-ses-application-unauth-access(43389)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43389"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-06-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, does not perform authentication for certain functionality, which allows remote attackers to obtain sensitive information and access restricted functionality via (1) the certificate installation utility, (2) unspecified scripts in the objects folder, (3) an \"unnecessary default application,\" (4) unspecified scripts in the states folder, (5) an unspecified \"default application\" that lists server configuration, and (6) \"full system help.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2008-1943",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1943/references"
},
{
"name": "30751",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30751"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.voipshield.com/research-details.php?id=86"
},
{
"name": "avaya-ses-certificate-info-disclosure(43384)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43384"
},
{
"name": "46598",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/46598"
},
{
"name": "avaya-ses-statesfolder-code-execution(43393)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43393"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.voipshield.com/research-details.php?id=88"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.voipshield.com/research-details.php?id=90"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.voipshield.com/research-details.php?id=87"
},
{
"name": "avaya-ses-objectsfolder-code-execution(43381)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43381"
},
{
"name": "29939",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29939"
},
{
"name": "46599",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/46599"
},
{
"name": "46600",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/46600"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.voipshield.com/research-details.php?id=91"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.voipshield.com/research-details.php?id=89"
},
{
"name": "avaya-ses-application-info-disclosure(43394)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43394"
},
{
"name": "avaya-ses-help-information-disclosure(43395)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43395"
},
{
"name": "avaya-ses-application-unauth-access(43389)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43389"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6707",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, does not perform authentication for certain functionality, which allows remote attackers to obtain sensitive information and access restricted functionality via (1) the certificate installation utility, (2) unspecified scripts in the objects folder, (3) an \"unnecessary default application,\" (4) unspecified scripts in the states folder, (5) an unspecified \"default application\" that lists server configuration, and (6) \"full system help.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2008-1943",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1943/references"
},
{
"name": "30751",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30751"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm"
},
{
"name": "http://www.voipshield.com/research-details.php?id=86",
"refsource": "MISC",
"url": "http://www.voipshield.com/research-details.php?id=86"
},
{
"name": "avaya-ses-certificate-info-disclosure(43384)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43384"
},
{
"name": "46598",
"refsource": "OSVDB",
"url": "http://osvdb.org/46598"
},
{
"name": "avaya-ses-statesfolder-code-execution(43393)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43393"
},
{
"name": "http://www.voipshield.com/research-details.php?id=88",
"refsource": "MISC",
"url": "http://www.voipshield.com/research-details.php?id=88"
},
{
"name": "http://www.voipshield.com/research-details.php?id=90",
"refsource": "MISC",
"url": "http://www.voipshield.com/research-details.php?id=90"
},
{
"name": "http://www.voipshield.com/research-details.php?id=87",
"refsource": "MISC",
"url": "http://www.voipshield.com/research-details.php?id=87"
},
{
"name": "avaya-ses-objectsfolder-code-execution(43381)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43381"
},
{
"name": "29939",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29939"
},
{
"name": "46599",
"refsource": "OSVDB",
"url": "http://osvdb.org/46599"
},
{
"name": "46600",
"refsource": "OSVDB",
"url": "http://osvdb.org/46600"
},
{
"name": "http://www.voipshield.com/research-details.php?id=91",
"refsource": "MISC",
"url": "http://www.voipshield.com/research-details.php?id=91"
},
{
"name": "http://www.voipshield.com/research-details.php?id=89",
"refsource": "MISC",
"url": "http://www.voipshield.com/research-details.php?id=89"
},
{
"name": "avaya-ses-application-info-disclosure(43394)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43394"
},
{
"name": "avaya-ses-help-information-disclosure(43395)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43395"
},
{
"name": "avaya-ses-application-unauth-access(43389)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43389"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6707",
"datePublished": "2009-04-10T15:00:00",
"dateReserved": "2009-04-10T00:00:00",
"dateUpdated": "2024-08-07T11:42:00.366Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-6710
Vulnerability from cvelistv5
Published
2009-04-10 15:00
Modified
2024-08-07 11:42
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in the Web administration interface in Avaya Communication Manager 3.1.x before CM 3.1.4 SP2 and 4.0.x before 4.0.3 SP1 allows remote authenticated administrators to gain root privileges via unknown vectors related to "configuring data viewing or restoring credentials."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.vupen.com/english/advisories/2008/1944/references | vdb-entry, x_refsource_VUPEN | |
| http://secunia.com/advisories/30799 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.voipshield.com/research-details.php?id=79 | x_refsource_MISC | |
| http://support.avaya.com/elmodocs2/security/ASA-2008-270.htm | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/43386 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/29939 | vdb-entry, x_refsource_BID | |
| http://www.osvdb.org/46582 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:42:00.463Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2008-1944",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1944/references"
},
{
"name": "30799",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30799"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.voipshield.com/research-details.php?id=79"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-270.htm"
},
{
"name": "avaya-cm-interface-code-execution(43386)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43386"
},
{
"name": "29939",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29939"
},
{
"name": "46582",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/46582"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-06-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the Web administration interface in Avaya Communication Manager 3.1.x before CM 3.1.4 SP2 and 4.0.x before 4.0.3 SP1 allows remote authenticated administrators to gain root privileges via unknown vectors related to \"configuring data viewing or restoring credentials.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2008-1944",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1944/references"
},
{
"name": "30799",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30799"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.voipshield.com/research-details.php?id=79"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-270.htm"
},
{
"name": "avaya-cm-interface-code-execution(43386)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43386"
},
{
"name": "29939",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29939"
},
{
"name": "46582",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/46582"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6710",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Web administration interface in Avaya Communication Manager 3.1.x before CM 3.1.4 SP2 and 4.0.x before 4.0.3 SP1 allows remote authenticated administrators to gain root privileges via unknown vectors related to \"configuring data viewing or restoring credentials.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2008-1944",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1944/references"
},
{
"name": "30799",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30799"
},
{
"name": "http://www.voipshield.com/research-details.php?id=79",
"refsource": "MISC",
"url": "http://www.voipshield.com/research-details.php?id=79"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2008-270.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-270.htm"
},
{
"name": "avaya-cm-interface-code-execution(43386)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43386"
},
{
"name": "29939",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29939"
},
{
"name": "46582",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/46582"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6710",
"datePublished": "2009-04-10T15:00:00",
"dateReserved": "2009-04-10T00:00:00",
"dateUpdated": "2024-08-07T11:42:00.463Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-3778
Vulnerability from cvelistv5
Published
2008-08-25 21:00
Modified
2024-08-07 09:52
Severity ?
EPSS score ?
Summary
The remote management interface in SIP Enablement Services (SES) Server in Avaya SIP Enablement Services 5.0, and Communication Manager (CM) 5.0 on the S8300C with SES enabled, proceeds with Core router updates even when a login is invalid, which allows remote attackers to cause a denial of service (messaging outage) or gain privileges via an update request.
References
| ▼ | URL | Tags |
|---|---|---|
| http://support.avaya.com/elmodocs2/security/ASA-2008-347.htm | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/44585 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/30758 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:52:59.274Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-347.htm"
},
{
"name": "avaya-ses-servers-security-bypass(44585)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44585"
},
{
"name": "30758",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30758"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-08-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The remote management interface in SIP Enablement Services (SES) Server in Avaya SIP Enablement Services 5.0, and Communication Manager (CM) 5.0 on the S8300C with SES enabled, proceeds with Core router updates even when a login is invalid, which allows remote attackers to cause a denial of service (messaging outage) or gain privileges via an update request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-347.htm"
},
{
"name": "avaya-ses-servers-security-bypass(44585)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44585"
},
{
"name": "30758",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30758"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3778",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The remote management interface in SIP Enablement Services (SES) Server in Avaya SIP Enablement Services 5.0, and Communication Manager (CM) 5.0 on the S8300C with SES enabled, proceeds with Core router updates even when a login is invalid, which allows remote attackers to cause a denial of service (messaging outage) or gain privileges via an update request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2008-347.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-347.htm"
},
{
"name": "avaya-ses-servers-security-bypass(44585)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44585"
},
{
"name": "30758",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30758"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3778",
"datePublished": "2008-08-25T21:00:00",
"dateReserved": "2008-08-25T00:00:00",
"dateUpdated": "2024-08-07T09:52:59.274Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-6574
Vulnerability from cvelistv5
Published
2009-04-01 22:00
Modified
2024-08-07 11:34
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in SIP Enablement Services (SES) in Avaya Communication Manager 3.1.x and 4.x allows remote attackers to gain privileges and cause a denial of service via unknown vectors related to reuse of valid credentials.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/41734 | vdb-entry, x_refsource_XF | |
| http://www.voipshield.com/research-details.php?id=24 | x_refsource_MISC | |
| http://www.securityfocus.com/bid/28687 | vdb-entry, x_refsource_BID | |
| http://osvdb.org/44288 | vdb-entry, x_refsource_OSVDB | |
| http://secunia.com/advisories/29744 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:34:47.075Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "avaya-ses-unspecified-unauthorized-access(41734)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41734"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.voipshield.com/research-details.php?id=24"
},
{
"name": "28687",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28687"
},
{
"name": "44288",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/44288"
},
{
"name": "29744",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29744"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-04-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in SIP Enablement Services (SES) in Avaya Communication Manager 3.1.x and 4.x allows remote attackers to gain privileges and cause a denial of service via unknown vectors related to reuse of valid credentials."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "avaya-ses-unspecified-unauthorized-access(41734)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41734"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.voipshield.com/research-details.php?id=24"
},
{
"name": "28687",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28687"
},
{
"name": "44288",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/44288"
},
{
"name": "29744",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29744"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6574",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in SIP Enablement Services (SES) in Avaya Communication Manager 3.1.x and 4.x allows remote attackers to gain privileges and cause a denial of service via unknown vectors related to reuse of valid credentials."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "avaya-ses-unspecified-unauthorized-access(41734)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41734"
},
{
"name": "http://www.voipshield.com/research-details.php?id=24",
"refsource": "MISC",
"url": "http://www.voipshield.com/research-details.php?id=24"
},
{
"name": "28687",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28687"
},
{
"name": "44288",
"refsource": "OSVDB",
"url": "http://osvdb.org/44288"
},
{
"name": "29744",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29744"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6574",
"datePublished": "2009-04-01T22:00:00",
"dateReserved": "2009-04-01T00:00:00",
"dateUpdated": "2024-08-07T11:34:47.075Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-6573
Vulnerability from cvelistv5
Published
2009-04-01 22:00
Modified
2024-08-07 11:34
Severity ?
EPSS score ?
Summary
Multiple SQL injection vulnerabilities in Avaya SIP Enablement Services (SES) in Avaya Avaya Communication Manager 3.x, 4.0, and 5.0 (1) allow remote attackers to execute arbitrary SQL commands via unspecified vectors related to profiles in the SIP Personal Information Manager (SPIM) in the web interface; and allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to (2) permissions for SPIM profiles in the web interface and (3) a crafted SIP request to the SIP server.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.voipshield.com/research-details.php?id=25 | x_refsource_MISC | |
| http://www.voipshield.com/research-details.php?id=26 | x_refsource_MISC | |
| http://www.voipshield.com/research-details.php?id=22 | x_refsource_MISC | |
| http://support.avaya.com/elmodocs2/security/ASA-2008-151.htm | x_refsource_CONFIRM | |
| http://osvdb.org/44286 | vdb-entry, x_refsource_OSVDB | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/41733 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/28682 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/41730 | vdb-entry, x_refsource_XF | |
| http://osvdb.org/44284 | vdb-entry, x_refsource_OSVDB | |
| http://osvdb.org/44285 | vdb-entry, x_refsource_OSVDB | |
| http://support.avaya.com/elmodocs2/security/ASA-2008-150.htm | x_refsource_CONFIRM | |
| http://secunia.com/advisories/29744 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:34:47.182Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.voipshield.com/research-details.php?id=25"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.voipshield.com/research-details.php?id=26"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.voipshield.com/research-details.php?id=22"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-151.htm"
},
{
"name": "44286",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/44286"
},
{
"name": "avaya-ses-sip-sql-injection(41733)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41733"
},
{
"name": "28682",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28682"
},
{
"name": "avaya-ses-spim-sql-injection(41730)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41730"
},
{
"name": "44284",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/44284"
},
{
"name": "44285",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/44285"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-150.htm"
},
{
"name": "29744",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29744"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-04-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in Avaya SIP Enablement Services (SES) in Avaya Avaya Communication Manager 3.x, 4.0, and 5.0 (1) allow remote attackers to execute arbitrary SQL commands via unspecified vectors related to profiles in the SIP Personal Information Manager (SPIM) in the web interface; and allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to (2) permissions for SPIM profiles in the web interface and (3) a crafted SIP request to the SIP server."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.voipshield.com/research-details.php?id=25"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.voipshield.com/research-details.php?id=26"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.voipshield.com/research-details.php?id=22"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-151.htm"
},
{
"name": "44286",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/44286"
},
{
"name": "avaya-ses-sip-sql-injection(41733)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41733"
},
{
"name": "28682",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28682"
},
{
"name": "avaya-ses-spim-sql-injection(41730)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41730"
},
{
"name": "44284",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/44284"
},
{
"name": "44285",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/44285"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-150.htm"
},
{
"name": "29744",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29744"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6573",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in Avaya SIP Enablement Services (SES) in Avaya Avaya Communication Manager 3.x, 4.0, and 5.0 (1) allow remote attackers to execute arbitrary SQL commands via unspecified vectors related to profiles in the SIP Personal Information Manager (SPIM) in the web interface; and allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to (2) permissions for SPIM profiles in the web interface and (3) a crafted SIP request to the SIP server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.voipshield.com/research-details.php?id=25",
"refsource": "MISC",
"url": "http://www.voipshield.com/research-details.php?id=25"
},
{
"name": "http://www.voipshield.com/research-details.php?id=26",
"refsource": "MISC",
"url": "http://www.voipshield.com/research-details.php?id=26"
},
{
"name": "http://www.voipshield.com/research-details.php?id=22",
"refsource": "MISC",
"url": "http://www.voipshield.com/research-details.php?id=22"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2008-151.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-151.htm"
},
{
"name": "44286",
"refsource": "OSVDB",
"url": "http://osvdb.org/44286"
},
{
"name": "avaya-ses-sip-sql-injection(41733)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41733"
},
{
"name": "28682",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28682"
},
{
"name": "avaya-ses-spim-sql-injection(41730)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41730"
},
{
"name": "44284",
"refsource": "OSVDB",
"url": "http://osvdb.org/44284"
},
{
"name": "44285",
"refsource": "OSVDB",
"url": "http://osvdb.org/44285"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2008-150.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-150.htm"
},
{
"name": "29744",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29744"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6573",
"datePublished": "2009-04-01T22:00:00",
"dateReserved": "2009-04-01T00:00:00",
"dateUpdated": "2024-08-07T11:34:47.182Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-3777
Vulnerability from cvelistv5
Published
2008-08-25 21:00
Modified
2024-08-07 09:52
Severity ?
EPSS score ?
Summary
The SIP Enablement Services (SES) Server in Avaya SIP Enablement Services 5.0, and Communication Manager (CM) 5.0 on the S8300C with SES enabled, writes account names and passwords to the (1) alarm and (2) system logs during failed login attempts, which allows local users to obtain login credentials by reading these logs.
References
| ▼ | URL | Tags |
|---|---|---|
| http://support.avaya.com/elmodocs2/security/ASA-2008-347.htm | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/30758 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/44586 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:52:59.290Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-347.htm"
},
{
"name": "30758",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30758"
},
{
"name": "avaya-ses-servers-info-disclosure(44586)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44586"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-08-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The SIP Enablement Services (SES) Server in Avaya SIP Enablement Services 5.0, and Communication Manager (CM) 5.0 on the S8300C with SES enabled, writes account names and passwords to the (1) alarm and (2) system logs during failed login attempts, which allows local users to obtain login credentials by reading these logs."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-347.htm"
},
{
"name": "30758",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30758"
},
{
"name": "avaya-ses-servers-info-disclosure(44586)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44586"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3777",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SIP Enablement Services (SES) Server in Avaya SIP Enablement Services 5.0, and Communication Manager (CM) 5.0 on the S8300C with SES enabled, writes account names and passwords to the (1) alarm and (2) system logs during failed login attempts, which allows local users to obtain login credentials by reading these logs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2008-347.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-347.htm"
},
{
"name": "30758",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30758"
},
{
"name": "avaya-ses-servers-info-disclosure(44586)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44586"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3777",
"datePublished": "2008-08-25T21:00:00",
"dateReserved": "2008-08-25T00:00:00",
"dateUpdated": "2024-08-07T09:52:59.290Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2009-04-01 22:30
Modified
2024-11-21 00:56
Severity ?
Summary
Unspecified vulnerability in SIP Enablement Services (SES) in Avaya Communication Manager 3.1.x and 4.x allows remote attackers to gain privileges and cause a denial of service via unknown vectors related to reuse of valid credentials.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| avaya | communication_manager | 3.1 | |
| avaya | communication_manager | 3.1.1 | |
| avaya | communication_manager | 3.1.2 | |
| avaya | communication_manager | 3.1.3 | |
| avaya | communication_manager | 3.1.4 | |
| avaya | communication_manager | 3.1.4 | |
| avaya | communication_manager | 3.1.4 | |
| avaya | communication_manager | 3.1.5 | |
| avaya | communication_manager | 3.1.5 | |
| avaya | communication_manager | 4.0 | |
| avaya | communication_manager | 4.0.1 | |
| avaya | communication_manager | 4.0.1 | |
| avaya | communication_manager | 4.0.1 | |
| avaya | communication_manager | 4.0.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "88F5C363-3A38-43FC-A06D-73E280AB844B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C4030E5D-BC15-481D-A15E-98FAE65130D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F3FC3A86-CE3D-4C12-9E31-7F7280EF9D28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BBD119B9-FE11-4165-943D-119E906DC013",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "89F99C5C-C184-4A5C-B8BA-F558C4A38730",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.4:sp1:*:*:*:*:*:*",
"matchCriteriaId": "1EAA2BC9-4794-4441-8AA8-3C1B7297FD06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.4:sp2:*:*:*:*:*:*",
"matchCriteriaId": "423E4EEB-3D6F-449E-B623-C8D051E8FA3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "87089C0E-2241-46A7-93EE-EC41D52A89C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.5:sp0:*:*:*:*:*:*",
"matchCriteriaId": "5BD89D61-0B42-4DDE-99F1-71570A37A136",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9F0B0D66-9900-4B9A-A892-31B8607DA852",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D5DE700B-B830-445B-AF08-4AD28EF1BE58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:4.0.1:sp15215:*:*:*:*:*:*",
"matchCriteriaId": "522FD345-91ED-4FE2-8069-028C3A2E3974",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:4.0.1:sp15500:*:*:*:*:*:*",
"matchCriteriaId": "3507CABD-74EE-4A53-9C09-AF38B3F218F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "825C1D4E-CD86-4122-84D7-CF1CB4CF8F10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in SIP Enablement Services (SES) in Avaya Communication Manager 3.1.x and 4.x allows remote attackers to gain privileges and cause a denial of service via unknown vectors related to reuse of valid credentials."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en SIP Enablement Services (SES) en Avaya Communication Manager 3.1.x y 4.x permite a atacantes remotos conseguir privilegios y provocar una denegaci\u00f3n de servicio a trav\u00e9s de vectores desconocidos relacionados con reutilizar credenciales v\u00e1lidas."
}
],
"id": "CVE-2008-6574",
"lastModified": "2024-11-21T00:56:53.350",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-04-01T22:30:01.093",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/44288"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29744"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/28687"
},
{
"source": "cve@mitre.org",
"url": "http://www.voipshield.com/research-details.php?id=24"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41734"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/44288"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29744"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/28687"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.voipshield.com/research-details.php?id=24"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41734"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-04-01 22:30
Modified
2024-11-21 00:56
Severity ?
Summary
Multiple SQL injection vulnerabilities in Avaya SIP Enablement Services (SES) in Avaya Avaya Communication Manager 3.x, 4.0, and 5.0 (1) allow remote attackers to execute arbitrary SQL commands via unspecified vectors related to profiles in the SIP Personal Information Manager (SPIM) in the web interface; and allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to (2) permissions for SPIM profiles in the web interface and (3) a crafted SIP request to the SIP server.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| avaya | communication_manager | * | |
| avaya | communication_manager | 3.1.1 | |
| avaya | communication_manager | 3.1.2 | |
| avaya | communication_manager | 3.1.3 | |
| avaya | communication_manager | 3.1.4 | |
| avaya | communication_manager | 3.1.4 | |
| avaya | communication_manager | 3.1.4 | |
| avaya | communication_manager | 3.1.5 | |
| avaya | communication_manager | 3.1.5 | |
| avaya | communication_manager | 4.0 | |
| avaya | communication_manager | 5.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:avaya:communication_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B13FEC26-15CC-4F82-8C24-BBD9C3FBA80E",
"versionEndIncluding": "3.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C4030E5D-BC15-481D-A15E-98FAE65130D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F3FC3A86-CE3D-4C12-9E31-7F7280EF9D28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BBD119B9-FE11-4165-943D-119E906DC013",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "89F99C5C-C184-4A5C-B8BA-F558C4A38730",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.4:sp1:*:*:*:*:*:*",
"matchCriteriaId": "1EAA2BC9-4794-4441-8AA8-3C1B7297FD06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.4:sp2:*:*:*:*:*:*",
"matchCriteriaId": "423E4EEB-3D6F-449E-B623-C8D051E8FA3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "87089C0E-2241-46A7-93EE-EC41D52A89C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.5:sp0:*:*:*:*:*:*",
"matchCriteriaId": "5BD89D61-0B42-4DDE-99F1-71570A37A136",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9F0B0D66-9900-4B9A-A892-31B8607DA852",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "84E2136B-6FE3-4548-A89D-444ED9393C22",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in Avaya SIP Enablement Services (SES) in Avaya Avaya Communication Manager 3.x, 4.0, and 5.0 (1) allow remote attackers to execute arbitrary SQL commands via unspecified vectors related to profiles in the SIP Personal Information Manager (SPIM) in the web interface; and allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to (2) permissions for SPIM profiles in the web interface and (3) a crafted SIP request to the SIP server."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en Avaya SIP Enablement Services (SES) en Avaya Avaya Communication Manager 3.x, 4.0, y 5.0 (1) permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s de vectores no especificados relacionados con perfiles en el SIP Personal Information Manager (SPIM) en la interfaz web; y permite a usuarios remotos autenticados ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s de vectores no especificados relacionados a (2) permisos para perfiles SPIM en la interfaz web y (3) una petici\u00f3n SIP manipulada en el servidor SIP."
}
],
"id": "CVE-2008-6573",
"lastModified": "2024-11-21T00:56:53.163",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-04-01T22:30:00.187",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/44284"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/44285"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/44286"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29744"
},
{
"source": "cve@mitre.org",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-150.htm"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-151.htm"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/28682"
},
{
"source": "cve@mitre.org",
"url": "http://www.voipshield.com/research-details.php?id=22"
},
{
"source": "cve@mitre.org",
"url": "http://www.voipshield.com/research-details.php?id=25"
},
{
"source": "cve@mitre.org",
"url": "http://www.voipshield.com/research-details.php?id=26"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41730"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41733"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/44284"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/44285"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/44286"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29744"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-150.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-151.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/28682"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.voipshield.com/research-details.php?id=22"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.voipshield.com/research-details.php?id=25"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.voipshield.com/research-details.php?id=26"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41730"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41733"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-12-24 18:29
Modified
2024-11-21 00:54
Severity ?
Summary
Multiple unspecified vulnerabilities in the web management interface in Avaya Communication Manager (CM) 3.1 before 3.1.4 SP2, 4.0 before 4.0.3 SP1, and 5.0 before 5.0 SP3 allow remote authenticated users to execute arbitrary code via unknown attack vectors in the (1) Set Static Routes and (2) Backup History components.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| avaya | communication_manager | 3.1.1 | |
| avaya | communication_manager | 3.1.2 | |
| avaya | communication_manager | 3.1.3 | |
| avaya | communication_manager | 3.1.4 | |
| avaya | communication_manager | 4.0 | |
| avaya | communication_manager | 4.0.1 | |
| avaya | communication_manager | 4.0.1 | |
| avaya | communication_manager | 4.0.1 | |
| avaya | communication_manager | 4.0.3 | |
| avaya | communication_manager | 5.0 | |
| avaya | communication_manager | 5.0 | |
| avaya | communication_manager | 5.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C4030E5D-BC15-481D-A15E-98FAE65130D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F3FC3A86-CE3D-4C12-9E31-7F7280EF9D28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BBD119B9-FE11-4165-943D-119E906DC013",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.4:sp1:*:*:*:*:*:*",
"matchCriteriaId": "1EAA2BC9-4794-4441-8AA8-3C1B7297FD06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9F0B0D66-9900-4B9A-A892-31B8607DA852",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D5DE700B-B830-445B-AF08-4AD28EF1BE58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:4.0.1:sp15215:*:*:*:*:*:*",
"matchCriteriaId": "522FD345-91ED-4FE2-8069-028C3A2E3974",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:4.0.1:sp15500:*:*:*:*:*:*",
"matchCriteriaId": "3507CABD-74EE-4A53-9C09-AF38B3F218F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "825C1D4E-CD86-4122-84D7-CF1CB4CF8F10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "84E2136B-6FE3-4548-A89D-444ED9393C22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:5.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "FB4B7CCA-3961-48BC-ABFD-A608B39BD921",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:5.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "F9DD5F5B-5F44-422C-B9D9-731B53981BEB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple unspecified vulnerabilities in the web management interface in Avaya Communication Manager (CM) 3.1 before 3.1.4 SP2, 4.0 before 4.0.3 SP1, and 5.0 before 5.0 SP3 allow remote authenticated users to execute arbitrary code via unknown attack vectors in the (1) Set Static Routes and (2) Backup History components."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades sin especificar en la interfaz de gesti\u00f3n web en Avaya Communication Manager (CM) 3.1 antes de 3.1.4 SP2, 4.0 antes de 4.0.3 SP1 y 5.0 antes de 5.0 SP3 permite a usuarios remotamente autentificados ejecutar c\u00f3digo de su elecci\u00f3n mediante vectores de ataque desconocidos en los componentes (1) Set Static Routes y (2) Backup History."
}
],
"id": "CVE-2008-5709",
"lastModified": "2024-11-21T00:54:42.390",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-12-24T18:29:15.780",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/32204"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-391.htm"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/31645"
},
{
"source": "cve@mitre.org",
"url": "http://www.voipshield.com/research-details.php?id=121"
},
{
"source": "cve@mitre.org",
"url": "http://www.voipshield.com/research-details.php?id=122"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/2772"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45747"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45749"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/32204"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-391.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/31645"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.voipshield.com/research-details.php?id=121"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.voipshield.com/research-details.php?id=122"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/2772"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45747"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45749"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
},
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-03-16 22:19
Modified
2024-11-21 00:28
Severity ?
Summary
Unspecified maintenance web pages in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allow remote authenticated users to execute arbitrary commands via shell metacharacters in unspecified vectors (aka "shell command injection").
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| avaya | communication_manager | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:avaya:communication_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "83CE646B-36D5-4A66-B4BF-70E026AB8B7A",
"versionEndIncluding": "3.1.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified maintenance web pages in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allow remote authenticated users to execute arbitrary commands via shell metacharacters in unspecified vectors (aka \"shell command injection\")."
},
{
"lang": "es",
"value": "P\u00e1ginas web de mantenimiento no especificadas en Avaya S87XX, S8500, y S8300 versiones anteriores a CM 3.1.3, y Avaya SES permite a usuarios remotos autenticados ejecutar comandos de su elecci\u00f3n mediante metacaracteres shell en vectores si especificar (tambi\u00e9n conocido como \"inyecci\u00f3n de comando shell\")."
}
],
"id": "CVE-2007-1490",
"lastModified": "2024-11-21T00:28:26.533",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-03-16T22:19:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/24434"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-052.htm"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/33300"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/24434"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-052.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/33300"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-12-24 18:29
Modified
2024-11-21 00:54
Severity ?
Summary
Multiple unspecified vulnerabilities in the web management interface in Avaya Communication Manager (CM) 3.1.x, 4.0.3, and 5.x allow remote attackers to read (1) configuration files, (2) log files, (3) binary image files, and (4) help files via unknown vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| avaya | communication_manager | 3.1 | |
| avaya | communication_manager | 3.1.1 | |
| avaya | communication_manager | 3.1.2 | |
| avaya | communication_manager | 3.1.3 | |
| avaya | communication_manager | 3.1.4 | |
| avaya | communication_manager | 3.1.4 | |
| avaya | communication_manager | 3.1.4 | |
| avaya | communication_manager | 3.1.5 | |
| avaya | communication_manager | 3.1.5 | |
| avaya | communication_manager | 4.0.3 | |
| avaya | communication_manager | 5.0 | |
| avaya | communication_manager | 5.0 | |
| avaya | communication_manager | 5.0 | |
| avaya | communication_manager | 5.0 | |
| avaya | communication_manager | 5.1 | |
| avaya | communication_manager | 5.1 | |
| avaya | communication_manager | 5.1.1 | |
| avaya | communication_manager | 5.1.1 | |
| avaya | communication_manager | 5.1.2 | |
| avaya | communication_manager | 5.1.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "88F5C363-3A38-43FC-A06D-73E280AB844B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C4030E5D-BC15-481D-A15E-98FAE65130D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F3FC3A86-CE3D-4C12-9E31-7F7280EF9D28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BBD119B9-FE11-4165-943D-119E906DC013",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "89F99C5C-C184-4A5C-B8BA-F558C4A38730",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.4:sp1:*:*:*:*:*:*",
"matchCriteriaId": "1EAA2BC9-4794-4441-8AA8-3C1B7297FD06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.4:sp2:*:*:*:*:*:*",
"matchCriteriaId": "423E4EEB-3D6F-449E-B623-C8D051E8FA3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "87089C0E-2241-46A7-93EE-EC41D52A89C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.5:sp0:*:*:*:*:*:*",
"matchCriteriaId": "5BD89D61-0B42-4DDE-99F1-71570A37A136",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "825C1D4E-CD86-4122-84D7-CF1CB4CF8F10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "84E2136B-6FE3-4548-A89D-444ED9393C22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:5.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "FB4B7CCA-3961-48BC-ABFD-A608B39BD921",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:5.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "F9DD5F5B-5F44-422C-B9D9-731B53981BEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:5.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "AD401628-23D0-4CC0-8D30-B10910533003",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0A32A986-3DB3-4CB5-AF52-12D83C4A6B95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:5.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "223037D6-1345-4705-BB88-E814211D666D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4ED0CFA4-C45E-465B-9F45-EB0742305CBC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:5.1.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "22364E59-5248-43E3-8B6A-E646188F69E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:5.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "120EA1E2-EEF0-4FF6-960D-34FF9E88F2F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:5.1.2:sp0:*:*:*:*:*:*",
"matchCriteriaId": "ED8A8551-7374-4A21-B141-10BE4CEF222F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple unspecified vulnerabilities in the web management interface in Avaya Communication Manager (CM) 3.1.x, 4.0.3, and 5.x allow remote attackers to read (1) configuration files, (2) log files, (3) binary image files, and (4) help files via unknown vectors."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades sin especificar en la interfaz de gesti\u00f3n web en Avaya Communication Manager (CM) 3.1.x, 4.0.3 y 5.x permite a atacantes remotos leer (1) archivos de configuraci\u00f3n, (2) archivos de log, (3) archivos binarios de imagen y (4) archivos de ayuda mediante vectores desconocidos."
}
],
"id": "CVE-2008-5710",
"lastModified": "2024-11-21T00:54:42.553",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-12-24T18:29:15.813",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/32035"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-394.htm"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/31639"
},
{
"source": "cve@mitre.org",
"url": "http://www.voipshield.com/research-details.php?id=123"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/2774"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45750"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/32035"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-394.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/31639"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.voipshield.com/research-details.php?id=123"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/2774"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45750"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-16"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-04-10 22:00
Modified
2024-11-21 00:57
Severity ?
Summary
Multiple unspecified vulnerabilities in the Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, allow remote attackers to obtain (1) application server configuration, (2) database server configuration including encrypted passwords, (3) a system utility that decrypts "subscriber table passwords," (4) a system utility that decrypts database passwords, and (5) a system utility that encrypts "subscriber table passwords."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| avaya | sip_enablement_services | 3.0 | |
| avaya | sip_enablement_services | 3.1 | |
| avaya | sip_enablement_services | 3.1.1 | |
| avaya | sip_enablement_services | 4.0 | |
| avaya | communication_manager | 3.1 | |
| avaya | communication_manager | 3.1.1 | |
| avaya | communication_manager | 3.1.2 | |
| avaya | communication_manager | 3.1.3 | |
| avaya | communication_manager | 3.1.4 | |
| avaya | communication_manager | 3.1.4 | |
| avaya | communication_manager | 3.1.4 | |
| avaya | communication_manager | 3.1.5 | |
| avaya | communication_manager | 3.1.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:avaya:sip_enablement_services:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8D4881F-650A-4FA1-B604-70EBBED41AE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:sip_enablement_services:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F9EB9ECB-9ABF-40ED-9116-D3FE9FC73B38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:sip_enablement_services:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "43F41650-7E55-436A-9935-8CE88B428680",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:sip_enablement_services:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7BFF25B3-B7C7-479C-8C2A-995E568C3395",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "88F5C363-3A38-43FC-A06D-73E280AB844B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C4030E5D-BC15-481D-A15E-98FAE65130D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F3FC3A86-CE3D-4C12-9E31-7F7280EF9D28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BBD119B9-FE11-4165-943D-119E906DC013",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "89F99C5C-C184-4A5C-B8BA-F558C4A38730",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.4:sp1:*:*:*:*:*:*",
"matchCriteriaId": "1EAA2BC9-4794-4441-8AA8-3C1B7297FD06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.4:sp2:*:*:*:*:*:*",
"matchCriteriaId": "423E4EEB-3D6F-449E-B623-C8D051E8FA3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "87089C0E-2241-46A7-93EE-EC41D52A89C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.5:sp0:*:*:*:*:*:*",
"matchCriteriaId": "5BD89D61-0B42-4DDE-99F1-71570A37A136",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple unspecified vulnerabilities in the Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, allow remote attackers to obtain (1) application server configuration, (2) database server configuration including encrypted passwords, (3) a system utility that decrypts \"subscriber table passwords,\" (4) a system utility that decrypts database passwords, and (5) a system utility that encrypts \"subscriber table passwords.\""
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades no especificadas en el interfase de gesti\u00f3n web en Avaya SIP Enablement Services (SES) v3.x y v4.0, como los usados en Avaya Communicati\u00f3n Manager v3.1.x, permite a atacantes remotos conseguir (1)configuraci\u00f3n de la aplicaci\u00f3n del servidor, (2) configuraci\u00f3n del servidor de bases de datos, incluidas claves cifradas, (3) utilidad del sistema que desencripta \"claves de tablas de suscriptor\", (4) utilidad del sistema que desencripta las claves de la base de datos, y (5) una utilidad del sistema que encripta \"claves de tablas de suscriptor\"."
}
],
"id": "CVE-2008-6706",
"lastModified": "2024-11-21T00:57:15.670",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-04-10T22:00:00.640",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/46602"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/30751"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/29939"
},
{
"source": "cve@mitre.org",
"url": "http://www.voipshield.com/research-details.php?id=81"
},
{
"source": "cve@mitre.org",
"url": "http://www.voipshield.com/research-details.php?id=82"
},
{
"source": "cve@mitre.org",
"url": "http://www.voipshield.com/research-details.php?id=83"
},
{
"source": "cve@mitre.org",
"url": "http://www.voipshield.com/research-details.php?id=84"
},
{
"source": "cve@mitre.org",
"url": "http://www.voipshield.com/research-details.php?id=85"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/1943/references"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43382"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43383"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43387"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43388"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/46602"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/30751"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/29939"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.voipshield.com/research-details.php?id=81"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.voipshield.com/research-details.php?id=82"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.voipshield.com/research-details.php?id=83"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.voipshield.com/research-details.php?id=84"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.voipshield.com/research-details.php?id=85"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/1943/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43382"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43383"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43387"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43388"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-04-10 22:00
Modified
2024-11-21 00:57
Severity ?
Summary
Unspecified vulnerability in the Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, allows remote authenticated users to execute arbitrary commands via unknown vectors related to configuration of "local data viewing or restoring parameters."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| avaya | sip_enablement_services | 3.0 | |
| avaya | sip_enablement_services | 3.1 | |
| avaya | sip_enablement_services | 3.1.1 | |
| avaya | sip_enablement_services | 4.0 | |
| avaya | communication_manager | 3.1 | |
| avaya | communication_manager | 3.1.1 | |
| avaya | communication_manager | 3.1.2 | |
| avaya | communication_manager | 3.1.3 | |
| avaya | communication_manager | 3.1.4 | |
| avaya | communication_manager | 3.1.4 | |
| avaya | communication_manager | 3.1.4 | |
| avaya | communication_manager | 3.1.5 | |
| avaya | communication_manager | 3.1.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:avaya:sip_enablement_services:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8D4881F-650A-4FA1-B604-70EBBED41AE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:sip_enablement_services:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F9EB9ECB-9ABF-40ED-9116-D3FE9FC73B38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:sip_enablement_services:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "43F41650-7E55-436A-9935-8CE88B428680",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:sip_enablement_services:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7BFF25B3-B7C7-479C-8C2A-995E568C3395",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "88F5C363-3A38-43FC-A06D-73E280AB844B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C4030E5D-BC15-481D-A15E-98FAE65130D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F3FC3A86-CE3D-4C12-9E31-7F7280EF9D28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BBD119B9-FE11-4165-943D-119E906DC013",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "89F99C5C-C184-4A5C-B8BA-F558C4A38730",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.4:sp1:*:*:*:*:*:*",
"matchCriteriaId": "1EAA2BC9-4794-4441-8AA8-3C1B7297FD06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.4:sp2:*:*:*:*:*:*",
"matchCriteriaId": "423E4EEB-3D6F-449E-B623-C8D051E8FA3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "87089C0E-2241-46A7-93EE-EC41D52A89C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.5:sp0:*:*:*:*:*:*",
"matchCriteriaId": "5BD89D61-0B42-4DDE-99F1-71570A37A136",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, allows remote authenticated users to execute arbitrary commands via unknown vectors related to configuration of \"local data viewing or restoring parameters.\""
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en el interfase de administraci\u00f3n web de Avaya SIP Enablement Services (SES)v3.x y v4.0, como las usadas en Avaya Communication Manager v3.1.x, permite a usuarios remotos autentificados, ejecutar comandos de su elecci\u00f3n a trav\u00e9s de vectores no espec\u00edficos, relativos a la configuraci\u00f3n de \"viendo datos locales o restaurando par\u00e1metros\"."
}
],
"id": "CVE-2008-6709",
"lastModified": "2024-11-21T00:57:16.190",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-04-10T22:00:00.703",
"references": [
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/30751"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/46603"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/29939"
},
{
"source": "cve@mitre.org",
"url": "http://www.voipshield.com/research-details.php?id=78"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/1943/references"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43380"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/30751"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/46603"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/29939"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.voipshield.com/research-details.php?id=78"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/1943/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43380"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-07-09 00:41
Modified
2024-11-21 00:47
Severity ?
Summary
The Linux kernel before 2.6.25.10 does not properly perform tty operations, which allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving NULL pointer dereference of function pointers in (1) hamradio/6pack.c, (2) hamradio/mkiss.c, (3) irda/irtty-sir.c, (4) ppp_async.c, (5) ppp_synctty.c, (6) slip.c, (7) wan/x25_asy.c, and (8) wireless/strip.c in drivers/net/.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linux | linux_kernel | * | |
| canonical | ubuntu_linux | 6.06 | |
| canonical | ubuntu_linux | 7.04 | |
| canonical | ubuntu_linux | 7.10 | |
| canonical | ubuntu_linux | 8.04 | |
| novell | linux_desktop | 9 | |
| opensuse | opensuse | 10.3 | |
| opensuse | opensuse | 11.0 | |
| suse | suse_linux_enterprise_desktop | 10 | |
| suse | suse_linux_enterprise_desktop | 10 | |
| suse | suse_linux_enterprise_server | 10 | |
| suse | suse_linux_enterprise_server | 10 | |
| debian | debian_linux | 4.0 | |
| avaya | communication_manager | * | |
| avaya | expanded_meet-me_conferencing | * | |
| avaya | intuity_audix_lx | 2.0 | |
| avaya | meeting_exchange | 5.0 | |
| avaya | message_networking | 3.1 | |
| avaya | messaging_storage_server | 4.0 | |
| avaya | proactive_contact | 4.0 | |
| avaya | sip_enablement_services | - | |
| avaya | sip_enablement_services | 4.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AFC9ED30-C7E9-498C-8936-4F59CF69C0CE",
"versionEndExcluding": "2.6.25.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*",
"matchCriteriaId": "5C18C3CD-969B-4AA3-AE3A-BA4A188F8BFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*",
"matchCriteriaId": "6EBDAFF8-DE44-4E80-B6BD-E341F767F501",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*",
"matchCriteriaId": "823BF8BE-2309-4F67-A5E2-EAD98F723468",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "C91D2DBF-6DA7-4BA2-9F29-8BD2725A4701",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:novell:linux_desktop:9:*:*:*:*:*:*:*",
"matchCriteriaId": "5595E484-647C-4F85-94AB-5A4D55CD766B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:opensuse:10.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C35B68DF-1440-4587-8458-9C5F4D1E43F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:opensuse:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1B42AB65-443B-4655-BAEA-4EB4A43D9509",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:suse_linux_enterprise_desktop:10:sp1:*:*:*:*:*:*",
"matchCriteriaId": "44320836-E2DE-4A1C-9820-AFFA087FF7FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:suse_linux_enterprise_desktop:10:sp2:*:*:*:*:*:*",
"matchCriteriaId": "14DF1463-F23F-465F-8A35-D550A7438CB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:suse_linux_enterprise_server:10:sp1:*:*:*:*:*:*",
"matchCriteriaId": "15E235E9-EC31-4F3F-80F7-981C720FF353",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:suse_linux_enterprise_server:10:sp2:*:*:*:*:*:*",
"matchCriteriaId": "02E6A767-B9A5-4054-BE70-286E0A464248",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0F92AB32-E7DE-43F4-B877-1F41FA162EC7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:avaya:communication_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "73143989-598B-499C-A6EB-53CE5EB1C1D4",
"versionStartIncluding": "3.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:expanded_meet-me_conferencing:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D49128AC-48BC-4815-8AB8-2689D9D3EB24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:intuity_audix_lx:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "96733234-88DB-45EB-ACFC-1BCA21BC89E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:meeting_exchange:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BDC2D26E-86AE-4FA1-8CBF-A775F1B240AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:message_networking:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E871348D-8FA1-4C77-BB8E-BECF9CF2FFD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:messaging_storage_server:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CB90E377-B821-4508-B1AB-B10F47975E54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:proactive_contact:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "51C4F426-8D57-4DC8-AE52-2AEE80A57BAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:sip_enablement_services:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB636851-8ED1-463C-BC6C-108E4F08F60F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:sip_enablement_services:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7BFF25B3-B7C7-479C-8C2A-995E568C3395",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Linux kernel before 2.6.25.10 does not properly perform tty operations, which allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving NULL pointer dereference of function pointers in (1) hamradio/6pack.c, (2) hamradio/mkiss.c, (3) irda/irtty-sir.c, (4) ppp_async.c, (5) ppp_synctty.c, (6) slip.c, (7) wan/x25_asy.c, and (8) wireless/strip.c in drivers/net/."
},
{
"lang": "es",
"value": "El n\u00facleo de Linux anterior a 2.6.25.10, no realiza de forma adecuada las operaciones tty, esto permite a usuarios locales provocar una denegaci\u00f3n de servicio (ca\u00edda del sistema) o posiblemente obtener privilegios mediante vectores que contienen referencias a puntero NULO en los punteros a funciones en (1) hamradio/6pack.c, (2) hamradio/mkiss.c, (3) irda/irtty-sir.c, (4) ppp_async.c, (5) ppp_synctty.c, (6) slip.c, (7) wan/x25_asy.c, y (8) wireless/strip.c en drivers/net/."
}
],
"id": "CVE-2008-2812",
"lastModified": "2024-11-21T00:47:45.920",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2008-07-09T00:41:00.000",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.25.y.git%3Ba=commitdiff%3Bh=2a739dd53ad7ee010ae6e155438507f329dce788"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.10"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00007.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00009.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00012.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00000.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00003.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00008.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/30982"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/31048"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/31202"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/31229"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/31341"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/31551"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/31614"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/31685"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/32103"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/32370"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/32759"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/33201"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-365.htm"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2008/dsa-1630"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2008/07/03/2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0612.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0665.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0973.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/30076"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://www.vupen.com/english/advisories/2008/2063/references"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43687"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11632"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6633"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/637-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.25.y.git%3Ba=commitdiff%3Bh=2a739dd53ad7ee010ae6e155438507f329dce788"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.10"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00007.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00009.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00012.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00008.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/30982"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/31048"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/31202"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/31229"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/31341"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/31551"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/31614"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/31685"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/32103"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/32370"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/32759"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/33201"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-365.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2008/dsa-1630"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2008/07/03/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0612.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0665.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0973.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/30076"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.vupen.com/english/advisories/2008/2063/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43687"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11632"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6633"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/637-1/"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-08-25 21:41
Modified
2024-11-21 00:50
Severity ?
Summary
The SIP Enablement Services (SES) Server in Avaya SIP Enablement Services 5.0, and Communication Manager (CM) 5.0 on the S8300C with SES enabled, writes account names and passwords to the (1) alarm and (2) system logs during failed login attempts, which allows local users to obtain login credentials by reading these logs.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| avaya | sip_enablement_services | 5.0 | |
| avaya | s8300c_server | * | |
| avaya | communication_manager | 5.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:avaya:sip_enablement_services:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "03BEFE21-9FAA-4DA0-9C75-A70C12A88123",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:avaya:s8300c_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8030330C-BC31-485A-A93C-AEA910D4042C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:avaya:communication_manager:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "84E2136B-6FE3-4548-A89D-444ED9393C22",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The SIP Enablement Services (SES) Server in Avaya SIP Enablement Services 5.0, and Communication Manager (CM) 5.0 on the S8300C with SES enabled, writes account names and passwords to the (1) alarm and (2) system logs during failed login attempts, which allows local users to obtain login credentials by reading these logs."
},
{
"lang": "es",
"value": "SIP Enablement Services (SES) Server en Avaya SIP Enablement Services 5.0 y Communication Manager (CM) 5.0 en el S8300C con SES activado, escribe los nombres y contrase\u00f1as de cuenta en los logs (1) alarm y (2) system, durante los intentos fallidos de login, lo que permite a usuarios locales obtener credenciales leyendo estos logs."
}
],
"id": "CVE-2008-3777",
"lastModified": "2024-11-21T00:50:06.407",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-08-25T21:41:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-347.htm"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/30758"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44586"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-347.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/30758"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44586"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-04-10 22:00
Modified
2024-11-21 00:57
Severity ?
Summary
Unspecified vulnerability in the Web administration interface in Avaya Communication Manager 3.1.x before CM 3.1.4 SP2 and 4.0.x before 4.0.3 SP1 allows remote authenticated administrators to gain root privileges via unknown vectors related to "configuring data viewing or restoring credentials."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| avaya | communication_manager | 3.1 | |
| avaya | communication_manager | 3.1.1 | |
| avaya | communication_manager | 3.1.2 | |
| avaya | communication_manager | 3.1.3 | |
| avaya | communication_manager | 4.0 | |
| avaya | communication_manager | 4.0.1 | |
| avaya | communication_manager | 4.0.1 | |
| avaya | communication_manager | 4.0.1 | |
| avaya | communication_manager | 4.0.2 | |
| avaya | communication_manager | 4.0.2 | |
| avaya | communication_manager | 4.0.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "88F5C363-3A38-43FC-A06D-73E280AB844B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C4030E5D-BC15-481D-A15E-98FAE65130D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F3FC3A86-CE3D-4C12-9E31-7F7280EF9D28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BBD119B9-FE11-4165-943D-119E906DC013",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9F0B0D66-9900-4B9A-A892-31B8607DA852",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D5DE700B-B830-445B-AF08-4AD28EF1BE58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:4.0.1:sp15215:*:*:*:*:*:*",
"matchCriteriaId": "522FD345-91ED-4FE2-8069-028C3A2E3974",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:4.0.1:sp15500:*:*:*:*:*:*",
"matchCriteriaId": "3507CABD-74EE-4A53-9C09-AF38B3F218F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "78F06597-F0EB-4753-BFFF-62A21EE230DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:4.0.2:sp1:*:*:*:*:*:*",
"matchCriteriaId": "D14829C8-3C05-426D-835B-355E4240B8EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "825C1D4E-CD86-4122-84D7-CF1CB4CF8F10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the Web administration interface in Avaya Communication Manager 3.1.x before CM 3.1.4 SP2 and 4.0.x before 4.0.3 SP1 allows remote authenticated administrators to gain root privileges via unknown vectors related to \"configuring data viewing or restoring credentials.\""
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en el interfase de administraci\u00f3n web de Avaya Communication Manager v3.1.x anteriores a CM v3.1.4 SP2 y v4.0.x anteriores a v4.0.3 SP1 permite a administradores remotos autentificados, obtener privilegios de root a trav\u00e9s de vectores no espec\u00edficos, relativos a \"viendo datos de configuraci\u00f3n o restaurando credenciales\"."
}
],
"id": "CVE-2008-6710",
"lastModified": "2024-11-21T00:57:16.363",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-04-10T22:00:00.733",
"references": [
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/30799"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-270.htm"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/46582"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/29939"
},
{
"source": "cve@mitre.org",
"url": "http://www.voipshield.com/research-details.php?id=79"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/1944/references"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43386"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/30799"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-270.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/46582"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/29939"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.voipshield.com/research-details.php?id=79"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/1944/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43386"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-04-10 22:00
Modified
2024-11-21 00:57
Severity ?
Summary
Unspecified vulnerability in the Web administration interface in Avaya Communication Manager 3.1.x before CM 3.1.4 SP2 and 4.0.x before 4.0.3 SP1 allows remote authenticated users to execute arbitrary commands via unknown vectors related to "viewing system logs."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| avaya | communication_manager | 3.1 | |
| avaya | communication_manager | 3.1.1 | |
| avaya | communication_manager | 3.1.2 | |
| avaya | communication_manager | 3.1.3 | |
| avaya | communication_manager | 3.1.4 | |
| avaya | communication_manager | 3.1.4 | |
| avaya | communication_manager | 4.0 | |
| avaya | communication_manager | 4.0.1 | |
| avaya | communication_manager | 4.0.1 | |
| avaya | communication_manager | 4.0.1 | |
| avaya | communication_manager | 4.0.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "88F5C363-3A38-43FC-A06D-73E280AB844B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C4030E5D-BC15-481D-A15E-98FAE65130D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F3FC3A86-CE3D-4C12-9E31-7F7280EF9D28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BBD119B9-FE11-4165-943D-119E906DC013",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "89F99C5C-C184-4A5C-B8BA-F558C4A38730",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.4:sp1:*:*:*:*:*:*",
"matchCriteriaId": "1EAA2BC9-4794-4441-8AA8-3C1B7297FD06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9F0B0D66-9900-4B9A-A892-31B8607DA852",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D5DE700B-B830-445B-AF08-4AD28EF1BE58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:4.0.1:sp15215:*:*:*:*:*:*",
"matchCriteriaId": "522FD345-91ED-4FE2-8069-028C3A2E3974",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:4.0.1:sp15500:*:*:*:*:*:*",
"matchCriteriaId": "3507CABD-74EE-4A53-9C09-AF38B3F218F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "825C1D4E-CD86-4122-84D7-CF1CB4CF8F10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the Web administration interface in Avaya Communication Manager 3.1.x before CM 3.1.4 SP2 and 4.0.x before 4.0.3 SP1 allows remote authenticated users to execute arbitrary commands via unknown vectors related to \"viewing system logs.\""
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en el interfase de administraci\u00f3n Web en Avaya Communication Manager v3.1.x anteriores a CM v3.1.4 SP2 y v4.0.x anteriores v4.0.3 SP1 permiten a usuarios remotos autentificados, ejecutar comandos de su elecci\u00f3n a trav\u00e9s de vectores desconocidos, relativo a \"viendo registros de sistema\"."
}
],
"id": "CVE-2008-6711",
"lastModified": "2024-11-21T00:57:16.523",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-04-10T22:00:00.750",
"references": [
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/30799"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-270.htm"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/46581"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/29939"
},
{
"source": "cve@mitre.org",
"url": "http://www.voipshield.com/research-details.php?id=80"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/1944/references"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43391"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/30799"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-270.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/46581"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/29939"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.voipshield.com/research-details.php?id=80"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/1944/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43391"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-04-10 22:00
Modified
2024-11-21 00:57
Severity ?
Summary
Unspecified vulnerability in the Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x and 4.x, allows remote authenticated administrators to gain root privileges via unknown vectors related to configuration of "data viewing or restoring parameters."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| avaya | communication_manager | 3.1 | |
| avaya | communication_manager | 3.1.1 | |
| avaya | communication_manager | 3.1.2 | |
| avaya | communication_manager | 3.1.3 | |
| avaya | communication_manager | 3.1.4 | |
| avaya | communication_manager | 3.1.5 | |
| avaya | communication_manager | 4.0 | |
| avaya | communication_manager | 4.0.1 | |
| avaya | communication_manager | 4.0.1 | |
| avaya | communication_manager | 4.0.1 | |
| avaya | communication_manager | 4.0.3 | |
| avaya | sip_enablement_services | 3.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "88F5C363-3A38-43FC-A06D-73E280AB844B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C4030E5D-BC15-481D-A15E-98FAE65130D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F3FC3A86-CE3D-4C12-9E31-7F7280EF9D28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BBD119B9-FE11-4165-943D-119E906DC013",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "89F99C5C-C184-4A5C-B8BA-F558C4A38730",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "87089C0E-2241-46A7-93EE-EC41D52A89C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9F0B0D66-9900-4B9A-A892-31B8607DA852",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D5DE700B-B830-445B-AF08-4AD28EF1BE58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:4.0.1:sp15215:*:*:*:*:*:*",
"matchCriteriaId": "522FD345-91ED-4FE2-8069-028C3A2E3974",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:4.0.1:sp15500:*:*:*:*:*:*",
"matchCriteriaId": "3507CABD-74EE-4A53-9C09-AF38B3F218F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "825C1D4E-CD86-4122-84D7-CF1CB4CF8F10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:sip_enablement_services:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8D4881F-650A-4FA1-B604-70EBBED41AE7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x and 4.x, allows remote authenticated administrators to gain root privileges via unknown vectors related to configuration of \"data viewing or restoring parameters.\""
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en el interfase de administraci\u00f3n web de Avaya SIP Enablement Services (SES)v3.x y v4.0, como las usadas en Avaya Communication Manager v3.1.x y v4.x, permite a usuarios remotos autentificados, obtener privilegios de root a trav\u00e9s de vectores desconocidos relativos a la configuraci\u00f3n de \"viendo datos locales o restaurando par\u00e1metros\"."
}
],
"id": "CVE-2008-6708",
"lastModified": "2024-11-21T00:57:16.027",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-04-10T22:00:00.687",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/46604"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/30751"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/29939"
},
{
"source": "cve@mitre.org",
"url": "http://www.voipshield.com/research-details.php?id=77"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/1943/references"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43390"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/46604"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/30751"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/29939"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.voipshield.com/research-details.php?id=77"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/1943/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43390"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-04-01 22:30
Modified
2024-11-21 00:56
Severity ?
Summary
Unspecified vulnerability in the SIP server in SIP Enablement Services (SES) in Avaya Communication Manager 3.1.x and 4.x allows remote authenticated users to cause a denial of service (resource consumption) via unknown vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| avaya | communication_manager | 3.1 | |
| avaya | communication_manager | 3.1.1 | |
| avaya | communication_manager | 3.1.2 | |
| avaya | communication_manager | 3.1.3 | |
| avaya | communication_manager | 3.1.4 | |
| avaya | communication_manager | 3.1.4 | |
| avaya | communication_manager | 3.1.4 | |
| avaya | communication_manager | 3.1.5 | |
| avaya | communication_manager | 3.1.5 | |
| avaya | communication_manager | 4.0 | |
| avaya | communication_manager | 4.0.1 | |
| avaya | communication_manager | 4.0.1 | |
| avaya | communication_manager | 4.0.1 | |
| avaya | communication_manager | 4.0.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "88F5C363-3A38-43FC-A06D-73E280AB844B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C4030E5D-BC15-481D-A15E-98FAE65130D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F3FC3A86-CE3D-4C12-9E31-7F7280EF9D28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BBD119B9-FE11-4165-943D-119E906DC013",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "89F99C5C-C184-4A5C-B8BA-F558C4A38730",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.4:sp1:*:*:*:*:*:*",
"matchCriteriaId": "1EAA2BC9-4794-4441-8AA8-3C1B7297FD06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.4:sp2:*:*:*:*:*:*",
"matchCriteriaId": "423E4EEB-3D6F-449E-B623-C8D051E8FA3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "87089C0E-2241-46A7-93EE-EC41D52A89C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.5:sp0:*:*:*:*:*:*",
"matchCriteriaId": "5BD89D61-0B42-4DDE-99F1-71570A37A136",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9F0B0D66-9900-4B9A-A892-31B8607DA852",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D5DE700B-B830-445B-AF08-4AD28EF1BE58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:4.0.1:sp15215:*:*:*:*:*:*",
"matchCriteriaId": "522FD345-91ED-4FE2-8069-028C3A2E3974",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:4.0.1:sp15500:*:*:*:*:*:*",
"matchCriteriaId": "3507CABD-74EE-4A53-9C09-AF38B3F218F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "825C1D4E-CD86-4122-84D7-CF1CB4CF8F10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the SIP server in SIP Enablement Services (SES) in Avaya Communication Manager 3.1.x and 4.x allows remote authenticated users to cause a denial of service (resource consumption) via unknown vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en el servidor SIP en SIP Enablement Services (SES) en Avaya Communication Manager 3.1.x y 4.x permite a usuarios remotos autenticados provocar una denegaci\u00f3n de servicio (consumo de recursos) a trav\u00e9s de vectores desconocidos."
}
],
"id": "CVE-2008-6575",
"lastModified": "2024-11-21T00:56:53.513",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-04-01T22:30:01.127",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/44287"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29744"
},
{
"source": "cve@mitre.org",
"url": "http://www.voipshield.com/research-details.php?id=23"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41734"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49849"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/44287"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29744"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.voipshield.com/research-details.php?id=23"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41734"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49849"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-04-10 22:00
Modified
2024-11-21 00:57
Severity ?
Summary
The Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, does not perform authentication for certain functionality, which allows remote attackers to obtain sensitive information and access restricted functionality via (1) the certificate installation utility, (2) unspecified scripts in the objects folder, (3) an "unnecessary default application," (4) unspecified scripts in the states folder, (5) an unspecified "default application" that lists server configuration, and (6) "full system help."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| avaya | sip_enablement_services | 3.0 | |
| avaya | sip_enablement_services | 3.1 | |
| avaya | sip_enablement_services | 3.1.1 | |
| avaya | sip_enablement_services | 4.0 | |
| avaya | communication_manager | 3.1 | |
| avaya | communication_manager | 3.1.1 | |
| avaya | communication_manager | 3.1.2 | |
| avaya | communication_manager | 3.1.3 | |
| avaya | communication_manager | 3.1.4 | |
| avaya | communication_manager | 3.1.4 | |
| avaya | communication_manager | 3.1.4 | |
| avaya | communication_manager | 3.1.5 | |
| avaya | communication_manager | 3.1.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:avaya:sip_enablement_services:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8D4881F-650A-4FA1-B604-70EBBED41AE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:sip_enablement_services:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F9EB9ECB-9ABF-40ED-9116-D3FE9FC73B38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:sip_enablement_services:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "43F41650-7E55-436A-9935-8CE88B428680",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:sip_enablement_services:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7BFF25B3-B7C7-479C-8C2A-995E568C3395",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "88F5C363-3A38-43FC-A06D-73E280AB844B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C4030E5D-BC15-481D-A15E-98FAE65130D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F3FC3A86-CE3D-4C12-9E31-7F7280EF9D28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BBD119B9-FE11-4165-943D-119E906DC013",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "89F99C5C-C184-4A5C-B8BA-F558C4A38730",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.4:sp1:*:*:*:*:*:*",
"matchCriteriaId": "1EAA2BC9-4794-4441-8AA8-3C1B7297FD06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.4:sp2:*:*:*:*:*:*",
"matchCriteriaId": "423E4EEB-3D6F-449E-B623-C8D051E8FA3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "87089C0E-2241-46A7-93EE-EC41D52A89C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.5:sp0:*:*:*:*:*:*",
"matchCriteriaId": "5BD89D61-0B42-4DDE-99F1-71570A37A136",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, does not perform authentication for certain functionality, which allows remote attackers to obtain sensitive information and access restricted functionality via (1) the certificate installation utility, (2) unspecified scripts in the objects folder, (3) an \"unnecessary default application,\" (4) unspecified scripts in the states folder, (5) an unspecified \"default application\" that lists server configuration, and (6) \"full system help.\""
},
{
"lang": "es",
"value": "El interfase de administraci\u00f3n web de Avaya SIP Enablement Services (SES) v3.x y v4.0, como las usadas en Avaya Communication Manager v3.1.x no realiza autentificaci\u00f3n para ciertas tareas, lo que permite a atacantes remotos obtener informaci\u00f3n sensible y acceso a funcionalidades restringidas a trav\u00e9s de (1) la utilidad de instalaci\u00f3n de certificados, (2) secuencias de comandos no espec\u00edficas en el directorio de objetos, (3) una \"aplicaci\u00f3n por defecto no necesaria\", (4) secuencias de c\u00f3digo no espec\u00edficas en el directorio \"States\",(5) una \"aplicaci\u00f3n por defecto\" no espec\u00edfica que lista la configuraci\u00f3n del servidor, y (6) \"ayuda del sistema completa\"."
}
],
"id": "CVE-2008-6707",
"lastModified": "2024-11-21T00:57:15.847",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-04-10T22:00:00.670",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/46598"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/46599"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/46600"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/30751"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/29939"
},
{
"source": "cve@mitre.org",
"url": "http://www.voipshield.com/research-details.php?id=86"
},
{
"source": "cve@mitre.org",
"url": "http://www.voipshield.com/research-details.php?id=87"
},
{
"source": "cve@mitre.org",
"url": "http://www.voipshield.com/research-details.php?id=88"
},
{
"source": "cve@mitre.org",
"url": "http://www.voipshield.com/research-details.php?id=89"
},
{
"source": "cve@mitre.org",
"url": "http://www.voipshield.com/research-details.php?id=90"
},
{
"source": "cve@mitre.org",
"url": "http://www.voipshield.com/research-details.php?id=91"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/1943/references"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43381"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43384"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43389"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43393"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43394"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43395"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/46598"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/46599"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/46600"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/30751"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/29939"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.voipshield.com/research-details.php?id=86"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.voipshield.com/research-details.php?id=87"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.voipshield.com/research-details.php?id=88"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.voipshield.com/research-details.php?id=89"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.voipshield.com/research-details.php?id=90"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.voipshield.com/research-details.php?id=91"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/1943/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43381"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43384"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43389"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43393"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43394"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43395"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-08-25 21:41
Modified
2024-11-21 00:50
Severity ?
Summary
The remote management interface in SIP Enablement Services (SES) Server in Avaya SIP Enablement Services 5.0, and Communication Manager (CM) 5.0 on the S8300C with SES enabled, proceeds with Core router updates even when a login is invalid, which allows remote attackers to cause a denial of service (messaging outage) or gain privileges via an update request.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| avaya | sip_enablement_services | 5.0 | |
| avaya | s8300c_server | * | |
| avaya | communication_manager | 5.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:avaya:sip_enablement_services:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "03BEFE21-9FAA-4DA0-9C75-A70C12A88123",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:avaya:s8300c_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8030330C-BC31-485A-A93C-AEA910D4042C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:avaya:communication_manager:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "84E2136B-6FE3-4548-A89D-444ED9393C22",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The remote management interface in SIP Enablement Services (SES) Server in Avaya SIP Enablement Services 5.0, and Communication Manager (CM) 5.0 on the S8300C with SES enabled, proceeds with Core router updates even when a login is invalid, which allows remote attackers to cause a denial of service (messaging outage) or gain privileges via an update request."
},
{
"lang": "es",
"value": "El interfaz remoto de gesti\u00f3n en SIP Enablement Services (SES) Server en Avaya SIP Enablement Services 5.0 y Communication Manager (CM) 5.0 en el S8300C con SES activado, continua con las actualizaciones de Core router incluso con un login no v\u00e1lido, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (corte del servicio de mensajer\u00eda) o bien obtener privilegios mediante una petici\u00f3n de actualizaci\u00f3n."
}
],
"id": "CVE-2008-3778",
"lastModified": "2024-11-21T00:50:06.560",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-08-25T21:41:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-347.htm"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/30758"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44585"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-347.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/30758"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44585"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-02-03 05:00
Modified
2024-11-20 23:50
Severity ?
Summary
mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:http_server:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "28EC1F94-04F3-490A-8324-1EB60EEBAD4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "30D94958-0D13-4076-B6F0-61D505136789",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:1.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B22DA22E-54DA-46CF-B3AE-4B0900D8086A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:1.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F90F496A-5D57-448F-A46F-E15F06CBFD01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:1.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "89B58983-633F-4D20-80AE-8E7EB865CF83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:1.3.7:*:dev:*:*:*:*:*",
"matchCriteriaId": "34FD94C9-2352-4147-9BF2-A3CF841A159B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:1.3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "19C8989C-D8A6-4AE9-99B6-F2DAE5999EB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:1.3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "7B6EE0E2-D608-4E72-A0E5-F407511405C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:1.3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "33FD6791-3B84-40CA-BCF4-B5637B172F2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:1.3.14:*:*:*:*:*:*:*",
"matchCriteriaId": "6DDD2F69-CFD4-4DEA-B43A-1337EEFA95A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:1.3.17:*:*:*:*:*:*:*",
"matchCriteriaId": "0A80B17D-FD66-40BD-9ADC-FE7A3944A696",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:1.3.18:*:*:*:*:*:*:*",
"matchCriteriaId": "713ADED4-CBE5-40C3-A128-99CFABF24560",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:1.3.19:*:*:*:*:*:*:*",
"matchCriteriaId": "70FA0B8E-1A90-4939-871A-38B9E93BCCC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:1.3.20:*:*:*:*:*:*:*",
"matchCriteriaId": "83BDEAE5-29B9-48E3-93FA-F30832044C9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:1.3.22:*:*:*:*:*:*:*",
"matchCriteriaId": "A2720E06-1B0E-4BFE-8C85-A17E597BB151",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:1.3.23:*:*:*:*:*:*:*",
"matchCriteriaId": "3EE1DECF-36C7-4968-8B7A-7A2034C2A957",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:1.3.24:*:*:*:*:*:*:*",
"matchCriteriaId": "B67BD173-8517-4E97-BC65-D9657C63601A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:1.3.25:*:*:*:*:*:*:*",
"matchCriteriaId": "B392A96F-FD2F-4073-8EED-EB31E1F20FE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:1.3.26:*:*:*:*:*:*:*",
"matchCriteriaId": "E130104B-86F5-411E-8AC0-9B4B780BCA00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:1.3.27:*:*:*:*:*:*:*",
"matchCriteriaId": "0E62E621-74DA-4D99-A79C-AD2B85896A2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:1.3.28:*:*:*:*:*:*:*",
"matchCriteriaId": "2C577188-BD56-4571-A61A-1684DC9E9DD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:1.3.29:*:*:*:*:*:*:*",
"matchCriteriaId": "5B3A4CD9-1E96-4D3B-938D-F2D15855B0DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:apache_mod_digest_apple:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BB39F9C4-7783-451E-B83D-401EF043F678",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "497884DB-EF7C-4FC1-99A8-581A0348A57C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A0EC54C7-5358-4C80-8202-378050B255FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CE74E0BF-739A-41A4-894C-A9B4BA23CAFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:communication_manager:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6372F030-0069-4994-9F79-7D99F39945CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:intuity_audix_lx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "12D21889-2F4E-460B-AA92-4E910B7CBBDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:virtualvault:4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2609CA23-B892-428D-93D1-D210B8D5741D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:virtualvault:4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "129075F9-F03E-4298-8515-5A046816C7C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:virtualvault:4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "79E7B549-B2AA-4587-84DE-ECDF4FE4BAFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:webproxy:a.02.00:*:*:*:*:*:*:*",
"matchCriteriaId": "35B53C86-D426-46F6-B5EE-D96517002905",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:webproxy:a.02.10:*:*:*:*:*:*:*",
"matchCriteriaId": "E4A8A75A-3F63-4468-8E51-AA65E4753C27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:http_server:1.3.19:*:*:*:*:*:*:*",
"matchCriteriaId": "E5C3A030-EF04-4C82-BFD5-CF6459099B15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:avaya:mn100:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D073442B-D7E7-4E07-AF2D-E22FE65B09A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:network_routing:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E942E0E7-0808-479C-B061-66119EBA12E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:avaya:modular_messaging_message_storage_server:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E25F5CF2-F891-41CA-A40C-13966F72FDF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:avaya:modular_messaging_message_storage_server:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7417958C-5321-41D6-9D1A-D16BF5511E81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:openbsd:openbsd:3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9496279F-AB43-4B53-81A6-87C651ABC4BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:openbsd:openbsd:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "BDA160D4-5CAB-44E7-880A-59DD98FEAD62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:openbsd:openbsd:current:*:*:*:*:*:*:*",
"matchCriteriaId": "0370727F-1E37-4B82-8969-A2AC644632E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sco:openserver:5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1E140F76-D078-4F58-89CF-3278CDCB9AF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sco:openserver:5.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "D9D76A8D-832B-411E-A458-186733C66010",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sun:solaris:8.0:*:x86:*:*:*:*:*",
"matchCriteriaId": "1894C542-AA81-40A9-BF47-AE24C93C1ACB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sun:solaris:9.0:*:sparc:*:*:*:*:*",
"matchCriteriaId": "A711CDC2-412C-499D-9FA6-7F25B06267C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sun:solaris:9.0:*:x86:*:*:*:*:*",
"matchCriteriaId": "0B837BB7-5F62-4CD5-9C64-8553C28EA8A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "A2475113-CFE4-41C8-A86F-F2DA6548D224",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials."
}
],
"id": "CVE-2004-1082",
"lastModified": "2024-11-20T23:50:03.360",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-02-03T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2004/Dec/msg00000.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ciac.org/ciac/bulletins/p-049.shtml"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/9571"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securitytracker.com/alerts/2004/Dec/1012414.html"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18347"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2004/Dec/msg00000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ciac.org/ciac/bulletins/p-049.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/9571"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securitytracker.com/alerts/2004/Dec/1012414.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18347"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}