CVE-2018-15610

Severity CVSS v4.0:
Pending analysis
Type:
CWE-284 Improper Access Control
Publication date:
12/09/2018
Last modified:
17/06/2026

Description

A vulnerability in the one-X Portal component of Avaya IP Office allows an authenticated attacker to read and delete arbitrary files on the system. Affected versions of Avaya IP Office include 9.1 through 9.1 SP12, 10.0 through 10.0 SP7, and 10.1 through 10.1 SP2.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:avaya:ip_office:9.1:*:*:*:*:*:*:*
cpe:2.3:a:avaya:ip_office:9.1:sp1:*:*:*:*:*:*
cpe:2.3:a:avaya:ip_office:9.1:sp10:*:*:*:*:*:*
cpe:2.3:a:avaya:ip_office:9.1:sp11:*:*:*:*:*:*
cpe:2.3:a:avaya:ip_office:9.1:sp12:*:*:*:*:*:*
cpe:2.3:a:avaya:ip_office:9.1:sp2:*:*:*:*:*:*
cpe:2.3:a:avaya:ip_office:9.1:sp3:*:*:*:*:*:*
cpe:2.3:a:avaya:ip_office:9.1:sp4:*:*:*:*:*:*
cpe:2.3:a:avaya:ip_office:9.1:sp5:*:*:*:*:*:*
cpe:2.3:a:avaya:ip_office:9.1:sp6:*:*:*:*:*:*
cpe:2.3:a:avaya:ip_office:9.1:sp7:*:*:*:*:*:*
cpe:2.3:a:avaya:ip_office:9.1:sp8:*:*:*:*:*:*
cpe:2.3:a:avaya:ip_office:9.1:sp9:*:*:*:*:*:*
cpe:2.3:a:avaya:ip_office:10.0:*:*:*:*:*:*:*
cpe:2.3:a:avaya:ip_office:10.0:sp1:*:*:*:*:*:*