1. Home
  2. CVE Database
  3. CVE-2008-6707
MEDIUM · 6.4

CVE-2008-6707

The Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, does not perform authentication for certain functionality, which allows...

Vulnerability Description

The Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, does not perform authentication for certain functionality, which allows remote attackers to obtain sensitive information and access restricted functionality via (1) the certificate installation utility, (2) unspecified scripts in the objects folder, (3) an "unnecessary default application," (4) unspecified scripts in the states folder, (5) an unspecified "default application" that lists server configuration, and (6) "full system help."

CVSS Score

6.4

MEDIUM

AV:N/AC:L/Au:N/C:P/I:P/A:N
Confidentiality
PARTIAL
Integrity
PARTIAL
Availability
NONE

Affected Products

VendorProductVersions
AvayaSip Enablement Services3.0
AvayaCommunication Manager3.1

Related Weaknesses (CWE)

CWE-287

References

FAQ

What is CVE-2008-6707?

CVE-2008-6707 is a vulnerability with a CVSS score of 6.4 (MEDIUM). The Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, does not perform authentication for certain functionality, which allows...

How severe is CVE-2008-6707?

CVE-2008-6707 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2008-6707?

Check the references section above for vendor advisories and patch information. Affected products include: Avaya Sip Enablement Services, Avaya Communication Manager.