CVE-2024-7477: Avaya Aura System Manager SQL injection vulnerability
First published: Thu Aug 08 2024(Updated: )
A SQL injection vulnerability was found which could allow a command line interface (CLI) user with administrative privileges to execute arbitrary queries against the Avaya Aura System Manager database. Affected versions include 10.1.x.x and 10.2.x.x. Versions prior to 10.1 are end of manufacturer support.
Credit: securityalerts@avaya.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Avaya Aura System Manager | >=10.1<=10.1.2 | |
| Avaya Aura System Manager | =10.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- agent/weakness
- agent/references
- agent/title
- agent/type
- agent/first-publish-date
- agent/description
- agent/author
- agent/event
- collector/mitre-cve
- source/MITRE
- collector/epss-latest
- source/FIRST
- agent/epss
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- agent/severity
- vendor/avaya
- canonical/avaya aura system manager
- version/avaya aura system manager/10.1
- version/avaya aura system manager/10.1.2
- version/avaya aura system manager/10.2