CVE-2008-6573

Published: Apr 1, 2009Modified: Apr 23, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

Multiple SQL injection vulnerabilities in Avaya SIP Enablement Services (SES) in Avaya Avaya Communication Manager 3.x, 4.0, and 5.0 (1) allow remote attackers to execute arbitrary SQL commands via unspecified vectors related to profiles in the SIP Personal Information Manager (SPIM) in the web interface; and allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to (2) permissions for SPIM profiles in the web interface and (3) a crafted SIP request to the SIP server.

Affected (11)

Products: Avaya: Communication Manager

1 product

Communication Manager

Configuration A

11 vulnerable

Vulnerable Software	Affected Versions
Avaya Communication Manager	Up to 3.1
Avaya Communication Manager	Version 3.1.1
Avaya Communication Manager	Version 3.1.2
Avaya Communication Manager	Version 3.1.3
Avaya Communication Manager	Version 3.1.4
Avaya Communication Manager	Version 3.1.4 sp1
Avaya Communication Manager	Version 3.1.4 sp2
Avaya Communication Manager	Version 3.1.5
Avaya Communication Manager	Version 3.1.5 sp0
Avaya Communication Manager	Version 4.0
Avaya Communication Manager	Version 5.0

Related CWEs

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

References (24)

http://osvdb.org/44284

Source: cve@mitre.org

http://osvdb.org/44285

Source: cve@mitre.org

http://osvdb.org/44286

Source: cve@mitre.org

http://secunia.com/advisories/29744

Source: cve@mitre.org

Vendor Advisory

http://support.avaya.com/elmodocs2/security/ASA-2008-150.htm

Source: cve@mitre.org

http://support.avaya.com/elmodocs2/security/ASA-2008-151.htm

Source: cve@mitre.org

Vendor Advisory

http://www.securityfocus.com/bid/28682

Source: cve@mitre.org

http://www.voipshield.com/research-details.php?id=22

Source: cve@mitre.org

http://www.voipshield.com/research-details.php?id=25

Source: cve@mitre.org

http://www.voipshield.com/research-details.php?id=26

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/41730

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/41733

Source: cve@mitre.org

http://osvdb.org/44284

Source: af854a3a-2127-422b-91ae-364da2661108

http://osvdb.org/44285

Source: af854a3a-2127-422b-91ae-364da2661108

http://osvdb.org/44286

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/29744

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://support.avaya.com/elmodocs2/security/ASA-2008-150.htm

Source: af854a3a-2127-422b-91ae-364da2661108

http://support.avaya.com/elmodocs2/security/ASA-2008-151.htm

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securityfocus.com/bid/28682

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.voipshield.com/research-details.php?id=22

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.voipshield.com/research-details.php?id=25

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.voipshield.com/research-details.php?id=26

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/41730

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/41733

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.