CVE-2023-3527: Avaya Call Management System CSV injection vulnerability
First published: Tue Jul 18 2023(Updated: )
A CSV injection vulnerability was found in the Avaya Call Management System (CMS) Supervisor web application which allows a user with administrative privileges to input crafted data which, when exported to a CSV file, may attempt arbitrary command execution on the system used to open the file by a spreadsheet software such as Microsoft Excel.
Credit: securityalerts@avaya.com securityalerts@avaya.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Avaya Call Management System | <20.0.0.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2023-3527.
What is the title of the vulnerability?
The title of the vulnerability is 'A CSV injection vulnerability in Avaya Call Management System (CMS) Supervisor web app.'
What is the severity of CVE-2023-3527?
The severity of CVE-2023-3527 is medium with a CVSS score of 6.8.
How does the vulnerability affect Avaya Call Management System (CMS)?
The vulnerability affects Avaya Call Management System (CMS) versions up to 20.0.0.0.
Is there a fix available for CVE-2023-3527?
To fix CVE-2023-3527, it is recommended to update Avaya Call Management System (CMS) to a version that is not affected by the vulnerability.
- collector/nvd-latest
- collector/nvd-index
- agent/author
- agent/type
- agent/softwarecombine
- collector/nvd-api
- agent/software-canonical-lookup-request
- agent/remedy
- agent/references
- agent/weakness
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/title
- agent/severity
- agent/tags
- agent/first-publish-date
- agent/event
- vendor/avaya
- canonical/avaya call management system