CVE-2020-7035: XXE in Avaya Aura Orchestration Designer
First published: Fri Apr 23 2021(Updated: )
An XML External Entities (XXE)vulnerability in the web-based user interface of Avaya Aura Orchestration Designer could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system. The affected versions of Orchestration Designer includes all 7.x versions before 7.2.3.
Credit: securityalerts@avaya.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Avaya Aura Orchestration Designer | >=7.0<=7.2.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-7035?
CVE-2020-7035 is an XML External Entities (XXE) vulnerability in the web-based user interface of Avaya Aura Orchestration Designer.
How can an attacker exploit CVE-2020-7035?
An authenticated, remote attacker can exploit CVE-2020-7035 to gain read access to information stored on the affected system.
What versions of Avaya Aura Orchestration Designer are affected by CVE-2020-7035?
All 7.x versions of Avaya Aura Orchestration Designer including 7.0 to 7.2.2 are affected by CVE-2020-7035.
What is the severity rating of CVE-2020-7035?
CVE-2020-7035 has a severity rating of 6.5 (high).
Is there a fix available for CVE-2020-7035?
Avaya has released a fix for CVE-2020-7035. Please refer to the vendor's advisory for more information.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/references
- agent/author
- agent/severity
- agent/weakness
- agent/title
- agent/tags
- agent/first-publish-date
- agent/event
- agent/description
- vendor/avaya
- canonical/avaya aura orchestration designer
- version/avaya aura orchestration designer/7.0
- version/avaya aura orchestration designer/7.2.2