CVE-2019-7001

A SQL injection vulnerability in the WebUI component of IP Office Contact Center could allow an authenticated attacker to retrieve or alter sensitive data related to other users on the system. Affected versions of IP Office Contact Center include all 9.x and 10.x versions prior to 10.1.2.2.2-11201.1908. Unsupported versions not listed here were not evaluated.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:avaya:ip_office_contact_center:*:*:*:*:*:*:*:*
cpe:2.3:a:avaya:ip_office_contact_center:*:*:*:*:*:*:*:*

History

21 Nov 2024, 04:47

Type Values Removed Values Added
CVSS v2 : 6.5
v3 : 8.8
v2 : 6.5
v3 : 9.9
References () https://downloads.avaya.com/css/P8/documents/101056762 - Vendor Advisory () https://downloads.avaya.com/css/P8/documents/101056762 - Vendor Advisory

Information

Published : 2019-04-04 16:29

Updated : 2024-11-21 04:47


NVD link : CVE-2019-7001

Mitre link : CVE-2019-7001

CVE.ORG link : CVE-2019-7001


JSON object : View

Products Affected

avaya

  • ip_office_contact_center
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')