What is the vulnerability ID?

The vulnerability ID is CVE-2019-7000.

What is the severity level of CVE-2019-7000?

The severity level of CVE-2019-7000 is medium.

What is the affected software?

The affected software is Avaya Aura Conferencing 8.x versions prior to 8.0 SP14 (8.0.14).

How can code execution be potentially achieved through CVE-2019-7000?

Code execution can be potentially achieved through the Cross-Site Scripting (XSS) vulnerability in the Web UI of Avaya Aura Conferencing.

How can I fix CVE-2019-7000?

To fix CVE-2019-7000, update Avaya Aura Conferencing to version 8.0 SP14 (8.0.14) or higher.

Vulnerability/
CVE-2019-7000

medium

6.1

CWE

31/7/2019

16/9/2024

CVE-2019-7000: Avaya Aura Conferencing XSS

First published: Wed Jul 31 2019(Updated: )

A Cross-Site Scripting (XSS) vulnerability in the Web UI of Avaya Aura Conferencing may allow code execution and potentially disclose sensitive information. Affected versions of Avaya Aura Conferencing include all 8.x versions prior to 8.0 SP14 (8.0.14). Prior versions not listed were not evaluated.

Credit: securityalerts@avaya.com

Affected Software	Affected Version	How to fix
Avaya Aura Conferencing	<=8.0
Avaya Aura Conferencing	=8.0
Avaya Aura Conferencing	=8.0-sp10
Avaya Aura Conferencing	=8.0-sp11
Avaya Aura Conferencing	=8.0-sp12
Avaya Aura Conferencing	=8.0-sp13
Avaya Aura Conferencing	=8.0-sp2
Avaya Aura Conferencing	=8.0-sp4
Avaya Aura Conferencing	=8.0-sp5
Avaya Aura Conferencing	=8.0-sp7
Avaya Aura Conferencing	=8.0-sp8

Never miss a vulnerability like this again

Reference Links

https://downloads.avaya.com/css/P8/documents/101060208

Frequently Asked Questions

What is the vulnerability ID?
The vulnerability ID is CVE-2019-7000.
What is the severity level of CVE-2019-7000?
The severity level of CVE-2019-7000 is medium.
What is the affected software?
The affected software is Avaya Aura Conferencing 8.x versions prior to 8.0 SP14 (8.0.14).
How can code execution be potentially achieved through CVE-2019-7000?
Code execution can be potentially achieved through the Cross-Site Scripting (XSS) vulnerability in the Web UI of Avaya Aura Conferencing.
How can I fix CVE-2019-7000?
To fix CVE-2019-7000, update Avaya Aura Conferencing to version 8.0 SP14 (8.0.14) or higher.

collector/nvd-index
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/title
agent/weakness
agent/author
agent/severity
agent/references
agent/last-modified-date
agent/tags
agent/first-publish-date
agent/event
agent/description
vendor/avaya
canonical/avaya aura conferencing
version/avaya aura conferencing/8.0
version/avaya aura conferencing/8.0-sp10
version/avaya aura conferencing/8.0-sp11
version/avaya aura conferencing/8.0-sp12
version/avaya aura conferencing/8.0-sp13
version/avaya aura conferencing/8.0-sp2
version/avaya aura conferencing/8.0-sp4
version/avaya aura conferencing/8.0-sp5
version/avaya aura conferencing/8.0-sp7
version/avaya aura conferencing/8.0-sp8

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.