A Cross-Site Request Forgery (CSRF) vulnerability was discovered in the System Management Interface Web component of Avaya Aura Communication Manager and Avaya Aura Messaging. This vulnerability could allow an unauthenticated remote attacker to perform Web administration actions with the privileged level of the authenticated user. Affected versions of Communication Manager are 7.0.x, 7.1.x prior to 7.1.3.5 and 8.0.x. Affected versions of Messaging are 7.0.x, 7.1 and 7.1 SP1.
References
Link | Resource |
---|---|
https://support.avaya.com/css/P8/documents/101070201 | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: avaya
Published: 2020-08-11T00:00:00
Updated: 2020-08-11T23:05:17
Reserved: 2020-01-14T00:00:00
Link: CVE-2020-7029
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-08-11T23:15:11.590
Modified: 2020-08-17T18:35:03.253
Link: CVE-2020-7029
JSON object: View
Redhat Information
No data.
CWE