CVE-2019-7003: ACM SQL Injection
First published: Thu Jul 11 2019(Updated: )
A SQL injection vulnerability in the reporting component of Avaya Control Manager could allow an unauthenticated attacker to execute arbitrary SQL commands and retrieve sensitive data related to other users on the system. Affected versions of Avaya Control Manager include 7.x and 8.0.x versions prior to 8.0.4.0. Unsupported versions not listed here were not evaluated.
Credit: securityalerts@avaya.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Avaya Control Manager | >=7.0<8.0.4.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2019-7003?
CVE-2019-7003 is a SQL injection vulnerability in the reporting component of Avaya Control Manager that could allow an unauthenticated attacker to execute arbitrary SQL commands and retrieve sensitive data related to other users on the system.
What are the affected versions of Avaya Control Manager?
Affected versions of Avaya Control Manager include 7.x and 8.0.x versions prior to 8.0.4.0.
How severe is CVE-2019-7003?
CVE-2019-7003 has a severity rating of critical with a severity value of 10.
How can an attacker exploit CVE-2019-7003?
An attacker can exploit CVE-2019-7003 by injecting malicious SQL commands into the reporting component of Avaya Control Manager.
How can I fix CVE-2019-7003?
To fix CVE-2019-7003, users should upgrade to Avaya Control Manager version 8.0.4.0 or later.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/weakness
- agent/author
- agent/severity
- agent/references
- agent/last-modified-date
- agent/tags
- agent/first-publish-date
- agent/event
- agent/description
- vendor/avaya
- canonical/avaya control manager
- version/avaya control manager/7.0