First published: Thu Oct 06 2022
A vulnerability related to weak permissions was detected in the Avaya Aura Application Enablement Services web application, allowing an administrative user to modify accounts, leading to execution of arbitrary code as the root user. This issue affects Application Enablement Services versions 8.0.0.0 through 8.1.3.4 and 10.1.0.0 through 10.1.0.1. Versions prior to 8.0.0.0 are end of manufacturing support and were not evaluated.
Credit: securityalerts@avaya.com
Affected Software | Affected Version | How to fix |
---|---|---|
Avaya Aura Application Enablement Services | >=8.0.0.0, <8.1.3.5 | |
Avaya Aura Application Enablement Services | >=10.1.0.0, <10.1.0.2 | |
The vulnerability ID for this Avaya Aura Application Enablement Services vulnerability is CVE-2022-2975.
The severity of CVE-2022-2975 is high, with a severity value of 6.7.
The affected software for CVE-2022-2975 is Avaya Aura Application Enablement Services versions 8.0.0.0 up to but not including 8.1.3.5, and versions 10.1.0.0 up to but not including 10.1.0.2.
CVE-2022-2975 allows an administrative user to modify accounts, which can lead to the execution of arbitrary code as the root user in Avaya Aura Application Enablement Services.
The Common Weakness Enumeration (CWE) IDs for CVE-2022-2975 are CWE-732 and CWE-269.