CVE-2018-15612: Orchestration Designer Runtime Config CSRF
First published: Fri Sep 21 2018(Updated: )
A CSRF vulnerability in the Runtime Config component of Avaya Aura Orchestration Designer could allow an attacker to add, change, or remove administrative settings. Affected versions of Avaya Aura Orchestration Designer include all versions up to 7.2.1.
Credit: securityalerts@avaya.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Avaya Orchestration Designer | <7.2.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this Avaya Aura Orchestration Designer vulnerability?
The vulnerability ID for this Avaya Aura Orchestration Designer vulnerability is CVE-2018-15612.
What is the severity of CVE-2018-15612?
The severity of CVE-2018-15612 is high with a CVSS score of 8.8.
What is the affected software of CVE-2018-15612?
The affected software of CVE-2018-15612 is Avaya Orchestration Designer up to version 7.2.1.
What is the impact of CVE-2018-15612?
CVE-2018-15612 allows an attacker to add, change, or remove administrative settings.
Is there a fix available for CVE-2018-15612?
Yes, a fix is available for CVE-2018-15612. It is recommended to update to a version of Avaya Orchestration Designer that is not affected by the vulnerability.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/references
- agent/severity
- agent/last-modified-date
- agent/title
- agent/remedy
- agent/weakness
- agent/tags
- agent/description
- agent/event
- vendor/avaya
- canonical/avaya orchestration designer