CVE-2019-7003 Information

Description

A SQL injection vulnerability in the reporting component of Avaya Control Manager could allow an unauthenticated attacker to execute arbitrary SQL commands and retrieve sensitive data related to other users on the system. Affected versions of Avaya Control Manager include 7.x and 8.0.x versions prior to 8.0.4.0. Unsupported versions not listed here were not evaluated.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

Reference

http://www.securityfocus.com/bid/109134 https://downloads.avaya.com/css/P8/documents/101059368 https://support.avaya.com/documents/documents-by-contenttype.action?product_id=P0941&product_name=Control+Manager&release_number=releaseId&contentType=ReleaseNotes

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

CHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

NONE

Base Severity

10.0