Alcatel Lucent

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2015-6498 1Alcatel Lucent 1Home Device Manager May 13, 2026 Aug 9, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Alcatel-Lucent Home Device Manager before 4.1.10, 4.2.x before 4.2.2 allows remote attackers to spoof and make calls as target devices.
CVE-2015-8687 1Alcatel Lucent 1Motive Home Device Manager May 13, 2026 Mar 23, 2017 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 Multiple cross-site scripting (XSS) vulnerabilities in the Management Console in Alcatel-Lucent Motive Home Device Manager (HDM) before 4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) device...Show more Multiple cross-site scripting (XSS) vulnerabilities in the Management Console in Alcatel-Lucent Motive Home Device Manager (HDM) before 4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) deviceTypeID parameter to DeviceType/getDeviceType.do; the (2) policyActionClass or (3) policyActionName parameter to PolicyAction/findPolicyActions.do; the deviceID parameter to (4) SingleDeviceMgmt/getDevice.do or (5) device/editDevice.do; the operation parameter to (6) ajax.do or (7) xmlHttp.do; or the (8) policyAction, (9) policyClass, or (10) policyName parameter to policy/findPolicies.do.Show less
CVE-2016-9796 1Alcatel Lucent 1Omnivista 8770 Network Management System May 6, 2026 Dec 3, 2016 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Alcatel-Lucent OmniVista 8770 2.0 through 3.0 exposes different ORBs interfaces, which can be queried using the GIOP protocol on TCP port 30024. An attacker can bypass authentication, and OmniVista invokes methods (AddJo...Show more Alcatel-Lucent OmniVista 8770 2.0 through 3.0 exposes different ORBs interfaces, which can be queried using the GIOP protocol on TCP port 30024. An attacker can bypass authentication, and OmniVista invokes methods (AddJobSet, AddJob, and ExecuteNow) that can be used to run arbitrary commands on the server, with the privilege of NT AUTHORITY\SYSTEM on the server. NOTE: The discoverer states "The vendor position is to refer to the technical guidelines of the product security deployment to mitigate this issue, which means applying proper firewall rules to prevent unauthorised clients to connect to the OmniVista server."Show less
CVE-2015-4586 1Alcatel Lucent 1Cellpipe 7130 Rg 5ae.m2013 Hol Firmware May 6, 2026 Jun 23, 2015 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability in Alcatel-Lucent CellPipe 7130 RG 5Ae.M2013 HOL with firmware 1.0.0.20h.HOL allows remote attackers to hijack the authentication of administrators for requests that create...Show more Cross-site request forgery (CSRF) vulnerability in Alcatel-Lucent CellPipe 7130 RG 5Ae.M2013 HOL with firmware 1.0.0.20h.HOL allows remote attackers to hijack the authentication of administrators for requests that create a user account via an add_user action in a request to password.cmd.Show less
CVE-2015-4587 1Alcatel Lucent 1Cellpipe 7130 Router Firmware May 6, 2026 Jun 18, 2015 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in the Alcatel-Lucent CellPipe 7130 router with firmware 1.0.0.20h.HOL allows remote attackers to inject arbitrary web script or HTML via the "Custom application" field in the "po...Show more Cross-site scripting (XSS) vulnerability in the Alcatel-Lucent CellPipe 7130 router with firmware 1.0.0.20h.HOL allows remote attackers to inject arbitrary web script or HTML via the "Custom application" field in the "port triggering" menu.Show less
CVE-2015-2805 1Alcatel Lucent 1Omniswitch Firmware May 6, 2026 Jun 16, 2015 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability in sec/content/sec_asa_users_local_db_add.html in the management web interface in Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400, 6855, 6900, 10K, and 6860 with f...Show more Cross-site request forgery (CSRF) vulnerability in sec/content/sec_asa_users_local_db_add.html in the management web interface in Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400, 6855, 6900, 10K, and 6860 with firmware 6.4.5.R02, 6.4.6.R01, 6.6.4.R01, 6.6.5.R02, 7.3.2.R01, 7.3.3.R01, 7.3.4.R01, and 8.1.1.R01 allows remote attackers to hijack the authentication of administrators for requests that create users via a crafted request.Show less
CVE-2015-2804 1Alcatel Lucent 1Omniswitch Firmware May 6, 2026 Jun 16, 2015 N/A· v4 N/A· v3 4.3 MEDIUM· v2 The management web interface in Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400, and 6855 with firmware before 6.6.4.309.R01 and 6.6.5.x before 6.6.5.80.R02 generates weak session identifiers, which allows remot...Show more The management web interface in Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400, and 6855 with firmware before 6.6.4.309.R01 and 6.6.5.x before 6.6.5.80.R02 generates weak session identifiers, which allows remote attackers to hijack arbitrary sessions via a brute force attack.Show less
CVE-2013-4653 1Alcatel Lucent 4Omnitouch 8400 Instant Communications Suite Omnitouch 8460 Advanced Communication ServerOmnitouch 8660 My Teamwork+1 more Apr 29, 2026 Aug 20, 2013 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Multiple cross-site scripting (XSS) vulnerabilities in the signin functionality of ics in MyTeamwork services in Alcatel-Lucent Omnitouch 8660 My Teamwork before 6.7, Omnitouch 8670 Automated Message Delivery System (AMD...Show more Multiple cross-site scripting (XSS) vulnerabilities in the signin functionality of ics in MyTeamwork services in Alcatel-Lucent Omnitouch 8660 My Teamwork before 6.7, Omnitouch 8670 Automated Message Delivery System (AMDS) before 6.7, Omnitouch 8460 Advanced Communication Server before 9.1, and OmniTouch 8400 Instant Communications Suite before 6.7.3 (1) allow remote attackers to inject arbitrary web script or HTML via a crafted URL that results in a reflected XSS or (2) allow user-assisted remote attackers to inject arbitrary web script or HTML via a user's personal bookmark entry that results in a stored XSS via unspecified vectors.Show less
CVE-2011-0345 1Alcatel Lucent 1Omnivista Apr 29, 2026 Mar 8, 2011 N/A· v4 N/A· v3 3.3 LOW· v2 Directory traversal vulnerability in the NMS server in Alcatel-Lucent OmniVista 4760 R5.1.06.03 and earlier allows remote attackers to read arbitrary files via directory traversal sequences in HTTP GET requests, related...Show more Directory traversal vulnerability in the NMS server in Alcatel-Lucent OmniVista 4760 R5.1.06.03 and earlier allows remote attackers to read arbitrary files via directory traversal sequences in HTTP GET requests, related to the lang variable.Show less
CVE-2011-0344 1Alcatel Lucent 1Omnipcx Apr 29, 2026 Mar 8, 2011 N/A· v4 N/A· v3 5.8 MEDIUM· v2 Multiple stack-based buffer overflows in unspecified CGI programs in the Unified Maintenance Tool web interface in the embedded web server in the Communication Server (CS) in Alcatel-Lucent OmniPCX Enterprise before R9.0...Show more Multiple stack-based buffer overflows in unspecified CGI programs in the Unified Maintenance Tool web interface in the embedded web server in the Communication Server (CS) in Alcatel-Lucent OmniPCX Enterprise before R9.0 H1.301.50 allow remote attackers to execute arbitrary code via crafted HTTP headers.Show less
CVE-2010-3281 1Alcatel Lucent 1Omnivista 4760 Server Apr 29, 2026 Sep 23, 2010 N/A· v4 N/A· v3 5.4 MEDIUM· v2 Stack-based buffer overflow in the HTTP proxy service in Alcatel-Lucent OmniVista 4760 server before R5.1.06.03.c_Patch3 allows remote attackers to execute arbitrary code or cause a denial of service (service crash) via...Show more Stack-based buffer overflow in the HTTP proxy service in Alcatel-Lucent OmniVista 4760 server before R5.1.06.03.c_Patch3 allows remote attackers to execute arbitrary code or cause a denial of service (service crash) via a long request.Show less
CVE-2010-3280 1Alcatel Lucent 2Ccagent Omnitouch Contact Center Apr 29, 2026 Sep 23, 2010 N/A· v4 N/A· v3 6.9 MEDIUM· v2 The CCAgent option 9.0.8.4 and earlier in the management server (aka TSA) component in Alcatel-Lucent OmniTouch Contact Center Standard Edition relies on client-side authorization checking, and unconditionally sends the...Show more The CCAgent option 9.0.8.4 and earlier in the management server (aka TSA) component in Alcatel-Lucent OmniTouch Contact Center Standard Edition relies on client-side authorization checking, and unconditionally sends the SuperUser password to the client for use during an authorized session, which allows remote attackers to monitor or reconfigure Contact Center operations via a modified client application.Show less
CVE-2010-3279 1Alcatel Lucent 2Ccagent Omnitouch Contact Center Apr 29, 2026 Sep 23, 2010 N/A· v4 N/A· v3 7.6 HIGH· v2 The default configuration of the CCAgent option before 9.0.8.4 in the management server (aka TSA) component in Alcatel-Lucent OmniTouch Contact Center Standard Edition enables maintenance access, which allows remote atta...Show more The default configuration of the CCAgent option before 9.0.8.4 in the management server (aka TSA) component in Alcatel-Lucent OmniTouch Contact Center Standard Edition enables maintenance access, which allows remote attackers to monitor or reconfigure Contact Center operations via vectors involving TSA_maintenance.exe.Show less
CVE-2008-1331 1Alcatel Lucent 1Omnipcx Office Apr 23, 2026 Apr 2, 2008 N/A· v4 N/A· v3 10.0 HIGH· v2 cgi-data/FastJSData.cgi in OmniPCX Office with Internet Access services OXO210 before 210/091.001, OXO600 before 610/014.001, and other versions, allows remote attackers to execute arbitrary commands and "obtain OXO reso...Show more cgi-data/FastJSData.cgi in OmniPCX Office with Internet Access services OXO210 before 210/091.001, OXO600 before 610/014.001, and other versions, allows remote attackers to execute arbitrary commands and "obtain OXO resources" via shell metacharacters in the id2 parameter.Show less
CVE-2007-5361 1Alcatel Lucent 1Omnipcx Apr 23, 2026 Nov 20, 2007 N/A· v4 N/A· v3 8.5 HIGH· v2 The Communication Server in Alcatel-Lucent OmniPCX Enterprise 7.1 and earlier caches an IP address during a TFTP request from an IP Touch phone, and uses this IP address as the destination for all subsequent VoIP packets...Show more The Communication Server in Alcatel-Lucent OmniPCX Enterprise 7.1 and earlier caches an IP address during a TFTP request from an IP Touch phone, and uses this IP address as the destination for all subsequent VoIP packets to this phone, which allows remote attackers to cause a denial of service (loss of audio) or intercept voice communications via a crafted TFTP request containing the phone's MAC address in the filename.Show less
CVE-2007-5190 1Alcatel Lucent 1Omnivista Apr 23, 2026 Oct 22, 2007 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Multiple cross-site scripting (XSS) vulnerabilities in Alcatel OmniVista 4760 R4.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the action parameter to php-bin/Webclient.php or (2) th...Show more Multiple cross-site scripting (XSS) vulnerabilities in Alcatel OmniVista 4760 R4.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the action parameter to php-bin/Webclient.php or (2) the Langue parameter to the default URI.Show less
CVE-2007-2512 1Alcatel Lucent 1Omnipcx Apr 23, 2026 Jun 7, 2007 N/A· v4 N/A· v3 7.5 HIGH· v2 Alcatel-Lucent IP-Touch Telephone running OmniPCX Enterprise 7.0 and later enables the mini switch by default, which allows attackers to gain access to the voice VLAN via daisy-chained systems.
CVE-2007-1822 1Alcatel Lucent 1Voice Mail System Apr 23, 2026 Apr 2, 2007 N/A· v4 N/A· v3 10.0 HIGH· v2 Alcatel-Lucent Lucent Technologies voice mail systems allow remote attackers to retrieve or remove messages, or reconfigure mailboxes, by spoofing Calling Number Identification (CNID, aka Caller ID).
CVE-2007-0932 2Alcatel Lucent Aruba 2Mobility Controller Omniaccess Wireless Apr 23, 2026 Feb 14, 2007 N/A· v4 N/A· v3 7.5 HIGH· v2 The (1) Aruba Mobility Controllers 200, 600, 2400, and 6000 and (2) Alcatel-Lucent OmniAccess Wireless 43xx and 6000 do not properly implement authentication and privilege assignment for the guest account, which allows r...Show more The (1) Aruba Mobility Controllers 200, 600, 2400, and 6000 and (2) Alcatel-Lucent OmniAccess Wireless 43xx and 6000 do not properly implement authentication and privilege assignment for the guest account, which allows remote attackers to access administrative interfaces or the WLAN.Show less
CVE-2007-0931 2Alcatel Lucent Aruba 2Mobility Controller Omniaccess Wireless Apr 23, 2026 Feb 14, 2007 N/A· v4 N/A· v3 7.5 HIGH· v2 Heap-based buffer overflow in the management interfaces in (1) Aruba Mobility Controllers 200, 800, 2400, and 6000 and (2) Alcatel-Lucent OmniAccess Wireless 43xx and 6000 allows remote attackers to cause a denial of ser...Show more Heap-based buffer overflow in the management interfaces in (1) Aruba Mobility Controllers 200, 800, 2400, and 6000 and (2) Alcatel-Lucent OmniAccess Wireless 43xx and 6000 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via long credential strings.Show less

12 Next