CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2019-7003

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1180%
EPSS Percentile34.54th
Published2019年7月11日
Last Modified2024年11月21日

Vulnerability Description

A SQL injection vulnerability in the reporting component of Avaya Control Manager could allow an unauthenticated attacker to execute arbitrary SQL commands and retrieve sensitive data related to other users on the system. Affected versions of Avaya Control Manager include 7.x and 8.0.x versions prior to 8.0.4.0. Unsupported versions not listed here were not evaluated.

Affected Platforms (CPE)

📦
Avaya

Control Manager

>= 7.0 and < 8.0.4.0

References & Advisories

🔗 http://www.securityfocus.com/bid/109134
🔗 https://downloads.avaya.com/css/P8/documents/101059368
🔗 https://support.avaya.com/documents/documents-by-contenttype.action?product_id=P0941&product_name=Control+Manager&release_number=releaseId&contentType=ReleaseNotes
🔗 http://www.securityfocus.com/bid/109134
🔗 https://downloads.avaya.com/css/P8/documents/101059368

相關漏洞威脅

CVE-2026-361110.0

The Honeywell IQ4x building management controller, exposes its full web-based HMI without authentication in its factory-default co...

CVE-2018-172210.0

IBM Security Access Manager Appliance 9.0.4.0 and 9.0.5.0 could allow remote code execution when Advanced Access Control or Federa...

CVE-2018-1051110.0

A vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to conduct a server-side request for...

CVE-2019-954810.0

Citrix Application Delivery Management (ADM) 12.1.x before 12.1.50.33 has Incorrect Access Control.