CVE-2024-7477
Severity CVSS v4.0:
Pending analysis
Type:
CWE-89
SQL Injection
Publication date:
08/08/2024
Last modified:
11/09/2024
Description
A SQL injection vulnerability was found which could allow a command line interface (CLI) user with administrative privileges to execute arbitrary queries against the Avaya Aura System Manager database. <br />
<br />
Affected versions include 10.1.x.x and 10.2.x.x. Versions prior to 10.1 are end of manufacturer support.
Impact
Base Score 3.x
6.70
Severity 3.x
MEDIUM
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:avaya:aura_system_manager:*:*:*:*:*:*:*:* | 10.1 (including) | 10.1.2 (including) |
cpe:2.3:a:avaya:aura_system_manager:10.2:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page