CVE-2024-7477

Severity CVSS v4.0:
Pending analysis
Type:
CWE-89 SQL Injection
Publication date:
08/08/2024
Last modified:
11/09/2024

Description

A SQL injection vulnerability was found which could allow a command line interface (CLI) user with administrative privileges to execute arbitrary queries against the Avaya Aura System Manager database. <br /> <br /> Affected versions include 10.1.x.x and 10.2.x.x. Versions prior to 10.1 are end of manufacturer support.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:avaya:aura_system_manager:*:*:*:*:*:*:*:* 10.1 (including) 10.1.2 (including)
cpe:2.3:a:avaya:aura_system_manager:10.2:*:*:*:*:*:*:*


References to Advisories, Solutions, and Tools