CVE-2020-7036

Published: Apr 23, 2021Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

An XML External Entities (XXE)vulnerability in Callback Assist could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system. The affected versions of Callback Assist includes all 4.0.x versions before 4.7.1.1 Patch 7.

Affected (8)

Products: Avaya: Callback Assist

Avaya

1 product

Callback Assist

Configuration A

8 vulnerable

Vulnerable Software	Affected Versions
Avaya Callback Assist	From 4.0.0 to 4.7.1.1
Avaya Callback Assist	Version 4.7.1.1
Avaya Callback Assist	Version 4.7.1.1 patch1
Avaya Callback Assist	Version 4.7.1.1 patch2
Avaya Callback Assist	Version 4.7.1.1 patch3
Avaya Callback Assist	Version 4.7.1.1 patch4
Avaya Callback Assist	Version 4.7.1.1 patch5
Avaya Callback Assist	Version 4.7.1.1 patch6

Related CWEs

CWE-611

Improper Restriction of XML External Entity Reference

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

References (2)

https://downloads.avaya.com/css/P8/documents/101075450

Source: securityalerts@avaya.com

Vendor Advisory

https://downloads.avaya.com/css/P8/documents/101075450

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.