CVE-2019-7003 Vulnerability Details

  /     /     /  

CVE-2019-7003 Metadata Quick Info

CVE Published: 11/07/2019 | CVE Updated: 17/09/2024 | CVE Year: 2019
Source: avaya | Vendor: Avaya | Product: Avaya Control Manager
Status : PUBLISHED

---

CVE-2019-7003 Description

A SQL injection vulnerability in the reporting component of Avaya Control Manager could allow an unauthenticated attacker to execute arbitrary SQL commands and retrieve sensitive data related to other users on the system. Affected versions of Avaya Control Manager include 7.x and 8.0.x versions prior to 8.0.4.0. Unsupported versions not listed here were not evaluated.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-89
CWE Name: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ( SQL Injection )
Source: Avaya

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).