A Cross-Site Request Forgery (CSRF) vulnerability was discovered in the System Management Interface Web component of Avaya Aura Communication Manager and Avaya Aura Messaging. This vulnerability could allow an unauthenticated remote attacker to perform Web administration actions with the privileged level of the authenticated user. Affected versions of Communication Manager are 7.0.x, 7.1.x prior to 7.1.3.5 and 8.0.x. Affected versions of Messaging are 7.0.x, 7.1 and 7.1 SP1.
References
Link | Resource |
---|---|
https://support.avaya.com/css/P8/documents/101070201 | Vendor Advisory |
https://support.avaya.com/css/P8/documents/101070201 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 05:36
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 6.8
v3 : 6.4 |
References | () https://support.avaya.com/css/P8/documents/101070201 - Vendor Advisory |
Information
Published : 2020-08-11 23:15
Updated : 2024-11-21 05:36
NVD link : CVE-2020-7029
Mitre link : CVE-2020-7029
CVE.ORG link : CVE-2020-7029
JSON object : View
Products Affected
avaya
- aura_communication_manager
- aura_messaging
CWE
CWE-352
Cross-Site Request Forgery (CSRF)