CVE-2024-7477

A SQL injection vulnerability was found which could allow a command line interface (CLI) user with administrative privileges to execute arbitrary queries against the Avaya Aura System Manager database.  Affected versions include 10.1.x.x and 10.2.x.x. Versions prior to 10.1 are end of manufacturer support.
References
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:avaya:aura_system_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:avaya:aura_system_manager:10.2:*:*:*:*:*:*:*

History

11 Sep 2024, 15:03

Type Values Removed Values Added
CPE cpe:2.3:a:avaya:aura_system_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:avaya:aura_system_manager:10.2:*:*:*:*:*:*:*
Summary
  • (es) Se encontró una vulnerabilidad de inyección SQL que podría permitir que un usuario de interfaz de línea de comandos (CLI) con privilegios administrativos ejecute consultas arbitrarias en la base de datos de Avaya Aura System Manager. Las versiones afectadas incluyen 10.1.xx y 10.2.xx. Las versiones anteriores a 10.1 finalizan el soporte del fabricante.
References () https://download.avaya.com/css/public/documents/101091159 - () https://download.avaya.com/css/public/documents/101091159 - Vendor Advisory
CVSS v2 : unknown
v3 : 6.5
v2 : unknown
v3 : 6.7
First Time Avaya aura System Manager
Avaya

08 Aug 2024, 16:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-08 16:15

Updated : 2024-09-11 15:03


NVD link : CVE-2024-7477

Mitre link : CVE-2024-7477

CVE.ORG link : CVE-2024-7477


JSON object : View

Products Affected

avaya

  • aura_system_manager
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')