CVE-2020-7029
Severity CVSS v4.0: Pending analysis
Type: CWE-352 Cross-Site Request Forgery (CSRF)
Publication date: 11/08/2020
Last modified: 17/08/2020
Description
A Cross-Site Request Forgery (CSRF) vulnerability was discovered in the System Management Interface Web component of Avaya Aura Communication Manager and Avaya Aura Messaging. This vulnerability could allow an unauthenticated remote attacker to perform Web administration actions with the privilege level of the authenticated user. Affected versions of Communication Manager are 7.0.x, 7.1.x prior to 7.1.3.5 and 8.0.x. Affected versions of Messaging are 7.0.x, 7.1 and 7.1 SP1.
Impact
Base Score 3.x: 8.80
Severity 3.x: HIGH
Base Score 2.0: 6.80
Severity 2.0: MEDIUM
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:avaya:aura_communication_manager:*:*:*:*:*:*:*:* | 7.0 (including) | 7.1.3.4 (including) |
cpe:2.3:a:avaya:aura_communication_manager:*:*:*:*:*:*:*:* | 8.0 (including) | 8.1.0.0 (excluding) |
cpe:2.3:a:avaya:aura_messaging:*:*:*:*:*:*:*:* | 7.0 (including) | 7.1 (excluding) |
cpe:2.3:a:avaya:aura_messaging:7.1:-:*:*:*:*:*:* | | |
cpe:2.3:a:avaya:aura_messaging:7.1:sp1:*:*:*:*:*:* | | |