CVE-2018-15612

Published: Sep 21, 2018Modified: Nov 21, 2024

8.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

A CSRF vulnerability in the Runtime Config component of Avaya Aura Orchestration Designer could allow an attacker to add, change, or remove administrative settings. Affected versions of Avaya Aura Orchestration Designer include all versions up to 7.2.1.

Affected (1)

Products: Avaya: Orchestration Designer

1 product

Orchestration Designer

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Avaya Orchestration Designer	Before 7.2.1

Related CWEs

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (2)

https://downloads.avaya.com/css/P8/documents/101052293

Source: securityalerts@avaya.com

PatchVendor Advisory

https://downloads.avaya.com/css/P8/documents/101052293

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.