CyberSec.Space Logo
Back to CVE Browser

CVE-2019-7003

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1180%
EPSS Percentile34.54th
PublishedJul 11, 2019
Last ModifiedNov 21, 2024

Vulnerability Description

A SQL injection vulnerability in the reporting component of Avaya Control Manager could allow an unauthenticated attacker to execute arbitrary SQL commands and retrieve sensitive data related to other users on the system. Affected versions of Avaya Control Manager include 7.x and 8.0.x versions prior to 8.0.4.0. Unsupported versions not listed here were not evaluated.

Affected Platforms (CPE)

πŸ“¦
Avaya

Control Manager

>= 7.0 and < 8.0.4.0

References & Advisories

πŸ”— http://www.securityfocus.com/bid/109134
πŸ”— https://downloads.avaya.com/css/P8/documents/101059368
πŸ”— https://support.avaya.com/documents/documents-by-contenttype.action?product_id=P0941&product_name=Control+Manager&release_number=releaseId&contentType=ReleaseNotes
πŸ”— http://www.securityfocus.com/bid/109134
πŸ”— https://downloads.avaya.com/css/P8/documents/101059368

Related Vulnerabilities

CVE-2026-361110.0

The Honeywell IQ4x building management controller, exposes its full web-based HMI without authentication in its factory-default co...

CVE-2018-172210.0

IBM Security Access Manager Appliance 9.0.4.0 and 9.0.5.0 could allow remote code execution when Advanced Access Control or Federa...

CVE-2018-1051110.0

A vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to conduct a server-side request for...

CVE-2019-954810.0

Citrix Application Delivery Management (ADM) 12.1.x before 12.1.50.33 has Incorrect Access Control.