CVE-2019-7004: Avaya IP Office XSS Vulnerability
First published: Wed Dec 11 2019(Updated: )
A Cross-Site Scripting (XSS) vulnerability in the WebUI component of IP Office Application Server could allow unauthorized code execution and potentially disclose sensitive information. All product versions 11.x are affected. Product versions prior to 11.0, including unsupported versions, were not evaluated.
Credit: securityalerts@avaya.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Avaya Ip Office Application Server | >=11.0<=11.0.4.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2019-7004.
What is the severity level of CVE-2019-7004?
The severity level of CVE-2019-7004 is medium with a CVSS score of 5.4.
Which component of IP Office Application Server is affected by CVE-2019-7004?
The WebUI component of IP Office Application Server is affected by CVE-2019-7004.
How does CVE-2019-7004 impact the system?
CVE-2019-7004 allows unauthorized code execution and potentially discloses sensitive information.
Is there a fix available for CVE-2019-7004?
Yes, Avaya has released a fix for CVE-2019-7004. It is recommended to update to a version 11.x after 11.0.4.0.
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/weakness
- agent/author
- agent/severity
- agent/last-modified-date
- agent/tags
- agent/first-publish-date
- agent/event
- agent/description
- vendor/avaya
- canonical/avaya ip office application server
- version/avaya ip office application server/11.0
- version/avaya ip office application server/11.0.4.0