CVE-2018-6635

Published: Feb 5, 2018Modified: Nov 21, 2024

7.5

Vector

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.6 / Impact: 5.9

Source: NVD

Description

System Manager in Avaya Aura before 7.1.2 does not properly use SSL in conjunction with authentication, which allows remote attackers to bypass intended Remote Method Invocation (RMI) restrictions, aka SMGR-26896.

Affected (1)

Products: Avaya: Aura

Avaya

1 product

Aura

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Avaya Aura	Up to 7.1.1

Related CWEs

CWE-326

Inadequate Encryption Strength

The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.

References (6)

http://www.securityfocus.com/bid/102940

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1040329

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://downloads.avaya.com/css/P8/documents/101038598

Source: cve@mitre.org

Vendor Advisory

http://www.securityfocus.com/bid/102940

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1040329

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://downloads.avaya.com/css/P8/documents/101038598

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.