Avaya

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-49186 2Avaya Sick 6Baggage Analytics Field AnalyticsLogistic Diagnostic Analytics+3 more Feb 3, 2026 Jun 12, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it susceptible to brute-force attacks.
CVE-2025-1041 1Avaya 1Call Management System Jul 30, 2025 Jun 10, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An improper input validation discovered in Avaya Call Management System could allow an unauthorized remote command via a specially crafted web request. Affected versions include 18.x, 19.x prior to 19.2.0.7, and 20.x...Show more An improper input validation discovered in Avaya Call Management System could allow an unauthorized remote command via a specially crafted web request. Affected versions include 18.x, 19.x prior to 19.2.0.7, and 20.x prior to 20.0.1.0.Show less
CVE-2024-12756 1Avaya 1Spaces Oct 1, 2025 Feb 11, 2025 N/A· v4 6.1 MEDIUM· v3 N/A· v2 An HTML Injection vulnerability in Avaya Spaces may have allowed disclosure of sensitive information or modification of the page content seen by the user.
CVE-2024-12755 1Avaya 1Spaces Jul 29, 2025 Feb 11, 2025 N/A· v4 5.4 MEDIUM· v3 N/A· v2 A Cross-Site Scripting (XSS) vulnerability in Avaya Spaces may have allowed unauthorized code execution and potential disclose of sensitive information.
CVE-2024-7480 1Avaya 1Aura System Manager Oct 1, 2025 Aug 8, 2024 N/A· v4 4.4 MEDIUM· v3 N/A· v2 An Improper access control vulnerability was found in Avaya Aura System Manager which could allow a command-line interface (CLI) user with administrative privileges to read arbitrary files on the system. Affected version...Show more An Improper access control vulnerability was found in Avaya Aura System Manager which could allow a command-line interface (CLI) user with administrative privileges to read arbitrary files on the system. Affected versions include 10.1.x.x and 10.2.x.x. Versions prior to 10.1 are end of manufacturer support.Show less
CVE-2024-7477 1Avaya 1Aura System Manager Sep 11, 2024 Aug 8, 2024 N/A· v4 6.7 MEDIUM· v3 N/A· v2 A SQL injection vulnerability was found which could allow a command line interface (CLI) user with administrative privileges to execute arbitrary queries against the Avaya Aura System Manager database. Affected version...Show more A SQL injection vulnerability was found which could allow a command line interface (CLI) user with administrative privileges to execute arbitrary queries against the Avaya Aura System Manager database. Affected versions include 10.1.x.x and 10.2.x.x. Versions prior to 10.1 are end of manufacturer support.Show less
CVE-2024-4197 1Avaya 1Ip Office Jan 21, 2025 Jun 25, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An unrestricted file upload vulnerability in Avaya IP Office was discovered that could allow remote command or code execution via the One-X component. Affected versions include all versions prior to 11.1.3.1.
CVE-2024-4196 1Avaya 1Ip Office Oct 1, 2025 Jun 25, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An improper input validation vulnerability was discovered in Avaya IP Office that could allow remote command or code execution via a specially crafted web request to the Web Control component. Affected versions include...Show more An improper input validation vulnerability was discovered in Avaya IP Office that could allow remote command or code execution via a specially crafted web request to the Web Control component. Affected versions include all versions prior to 11.1.3.1.Show less
CVE-2023-7031 1Avaya 1Aura Experience Portal Nov 21, 2024 Jan 17, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Insecure Direct Object Reference vulnerabilities were discovered in the Avaya Aura Experience Portal Manager which may allow partial information disclosure to an authenticated non-privileged user. Affected versions inclu...Show more Insecure Direct Object Reference vulnerabilities were discovered in the Avaya Aura Experience Portal Manager which may allow partial information disclosure to an authenticated non-privileged user. Affected versions include 8.0.x and 8.1.x, prior to 8.1.2 patch 0402. Versions prior to 8.0 are end of manufacturer support.Show less
CVE-2023-3722 1Avaya 1Aura Device Services Nov 21, 2024 Jul 19, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An OS command injection vulnerability was found in the Avaya Aura Device Services Web application which could allow remote code execution as the Web server user via a malicious uploaded file. This issue affects Avaya Aur...Show more An OS command injection vulnerability was found in the Avaya Aura Device Services Web application which could allow remote code execution as the Web server user via a malicious uploaded file. This issue affects Avaya Aura Device Services version 8.1.4.0 and earlier.Show less
CVE-2023-3527 1Avaya 1Call Management System Nov 21, 2024 Jul 18, 2023 N/A· v4 6.8 MEDIUM· v3 N/A· v2 A CSV injection vulnerability was found in the Avaya Call Management System (CMS) Supervisor web application which allows a user with administrative privileges to input crafted data which, when exported to a CSV file, ma...Show more A CSV injection vulnerability was found in the Avaya Call Management System (CMS) Supervisor web application which allows a user with administrative privileges to input crafted data which, when exported to a CSV file, may attempt arbitrary command execution on the system used to open the file by a spreadsheet software such as Microsoft Excel. Show less
CVE-2023-32218 1Avaya 1Ix Workforce Engagement Nov 21, 2024 May 30, 2023 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Avaya IX Workforce Engagement v15.2.7.1195 - CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
CVE-2023-31187 1Avaya 1Ix Workforce Engagement Nov 21, 2024 May 30, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Avaya IX Workforce Engagement v15.2.7.1195 - CWE-522: Insufficiently Protected Credentials
CVE-2023-31186 1Avaya 1Ix Workforce Engagement Nov 21, 2024 May 30, 2023 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Avaya IX Workforce Engagement v15.2.7.1195 - User Enumeration - Observable Response Discrepancy
CVE-2022-38168 1Avaya 2Scopia Pathfinder 10 Pts Firmware Scopia Pathfinder 20 Pts Firmware May 2, 2025 Nov 3, 2022 N/A· v4 9.1 CRITICAL· v3 N/A· v2 Broken Access Control in User Authentication in Avaya Scopia Pathfinder 10 and 20 PTS version 8.3.7.0.4 allows remote unauthenticated attackers to bypass the login page, access sensitive information, and reset user passw...Show more Broken Access Control in User Authentication in Avaya Scopia Pathfinder 10 and 20 PTS version 8.3.7.0.4 allows remote unauthenticated attackers to bypass the login page, access sensitive information, and reset user passwords via URL modification.Show less
CVE-2022-2249 1Avaya 1Aura Communication Manager Nov 21, 2024 Oct 12, 2022 N/A· v4 6.7 MEDIUM· v3 N/A· v2 Privilege escalation related vulnerabilities were discovered in Avaya Aura Communication Manager that may allow local administrative users to escalate their privileges. This issue affects Communication Manager versions 8...Show more Privilege escalation related vulnerabilities were discovered in Avaya Aura Communication Manager that may allow local administrative users to escalate their privileges. This issue affects Communication Manager versions 8.0.0.0 through 8.1.3.3 and 10.1.0.0.Show less
CVE-2022-2975 1Avaya 1Aura Application Enablement Services Nov 21, 2024 Oct 6, 2022 N/A· v4 6.7 MEDIUM· v3 N/A· v2 A vulnerability related to weak permissions was detected in Avaya Aura Application Enablement Services web application, allowing an administrative user to modify accounts leading to execution of arbitrary code as the roo...Show more A vulnerability related to weak permissions was detected in Avaya Aura Application Enablement Services web application, allowing an administrative user to modify accounts leading to execution of arbitrary code as the root user. This issue affects Application Enablement Services versions 8.0.0.0 through 8.1.3.4 and 10.1.0.0 through 10.1.0.1. Versions prior to 8.0.0.0 are end of manufacturing support and were not evaluated.Show less
CVE-2021-25657 1Avaya 1Ip Office Nov 21, 2024 Sep 2, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 A privilege escalation vulnerability was discovered in Avaya IP Office Admin Lite and USB Creator that may potentially allow a local user to escalate privileges. This issue affects Admin Lite and USB Creator 11.1 Feature...Show more A privilege escalation vulnerability was discovered in Avaya IP Office Admin Lite and USB Creator that may potentially allow a local user to escalate privileges. This issue affects Admin Lite and USB Creator 11.1 Feature Pack 2 Service Pack 1 and earlier versions.Show less
CVE-2021-25654 1Avaya 1Aura Device Services Nov 21, 2024 Jun 25, 2021 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 An arbitrary code execution vulnerability was discovered in Avaya Aura Device Services that may potentially allow a local user to execute specially crafted scripts. Affects 7.0 through 8.1.4.0 versions of Avaya Aura Devi...Show more An arbitrary code execution vulnerability was discovered in Avaya Aura Device Services that may potentially allow a local user to execute specially crafted scripts. Affects 7.0 through 8.1.4.0 versions of Avaya Aura Device Services.Show less
CVE-2021-25656 1Avaya 1Aura Experience Portal Nov 21, 2024 Jun 24, 2021 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 Stored XSS injection vulnerabilities were discovered in the Avaya Aura Experience Portal Web management which could allow an authenticated user to potentially disclose sensitive information. Affected versions include 7.0...Show more Stored XSS injection vulnerabilities were discovered in the Avaya Aura Experience Portal Web management which could allow an authenticated user to potentially disclose sensitive information. Affected versions include 7.0 through 7.2.3 (without hotfix) and 8.0.0 (without hotfix).Show less

12 3 4 5 6 7 Next