Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-2975

A vulnerability related to weak permissions was detected in Avaya Aura Application Enablement Services web application, allowing an administrative user to modify accounts leading to execution of arbitrary code as the root user. This issue affects Application Enablement Services versions 8.0.0.0 through 8.1.3.4 and 10.1.0.0 through 10.1.0.1. Versions prior to 8.0.0.0 are end of manufacturing support and were not evaluated.

Published

2022-10-06T18:15:59.447

Last Modified

2024-11-21T07:02:00.970

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.7 (HIGH)

Weaknesses

Type: Secondary
CWE-269
Type: Primary
CWE-732

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	avaya	aura_application_enablement_services	< 8.1.3.5	Yes
Application	avaya	aura_application_enablement_services	< 10.1.0.2	Yes

References

https://download.avaya.com/css/public/documents/101083688 Vendor Advisory ([email protected])
https://download.avaya.com/css/public/documents/101083688 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)