| Summary | Multiple SQL injection vulnerabilities in Avaya SIP Enablement Services (SES) in Avaya Communication Manager 3.x, 4.0, and 5.0 (1) allow remote attackers to execute arbitrary SQL commands via unspecified vectors related to profiles in the SIP Personal Information Manager (SPIM) in the web interface; and allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to (2) permissions for SPIM profiles in the web interface and (3) a crafted SIP request to the SIP server. |
|---|---|
| Publication Date | April 2, 2009, 7:30 a.m. |
| Registration Date | Jan. 29, 2021, 1:50 p.m. |
| Last Update | Aug. 17, 2017, 10:29 a.m. |
| CVSS2.0 : MEDIUM | |
| Score | 6.8 |
| Vector | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| Access Vector (AV) | Network |
| Access Complexity (AC) | Medium |
| Authentication Required Before Attack (Au) | Not required |
| Confidentiality Impact (C) | Low |
| Integrity Impact (I) | Low |
| Availability Impact (A) | Low |
| Get all privileges | No |
| Get user privileges | No |
| Get other privileges | No |
| User operation required | No |

| Configuration1 | or higher | or less | more than | less than | |
|---|---|---|---|---|---|
| cpe:2.3:a:avaya:communication_manager:*:*:*:*:*:*:*:* | 3.1 | | | | |
| cpe:2.3:a:avaya:communication_manager:3.1.1:*:*:*:*:*:*:* | | | | | |
| cpe:2.3:a:avaya:communication_manager:3.1.2:*:*:*:*:*:*:* | | | | | |
| cpe:2.3:a:avaya:communication_manager:3.1.3:*:*:*:*:*:*:* | | | | | |
| cpe:2.3:a:avaya:communication_manager:3.1.4:*:*:*:*:*:*:* | | | | | |
| cpe:2.3:a:avaya:communication_manager:3.1.4:sp1:*:*:*:*:*:* | | | | | |
| cpe:2.3:a:avaya:communication_manager:3.1.4:sp2:*:*:*:*:*:* | | | | | |
| cpe:2.3:a:avaya:communication_manager:3.1.5:*:*:*:*:*:*:* | | | | | |
| cpe:2.3:a:avaya:communication_manager:3.1.5:sp0:*:*:*:*:*:* | | | | | |
| cpe:2.3:a:avaya:communication_manager:4.0:*:*:*:*:*:*:* | | | | | |
| cpe:2.3:a:avaya:communication_manager:5.0:*:*:*:*:*:*:* | | | | | |