Vulnerability Description
The default configuration of Avaya Secure Access Link (SAL) Gateway 1.5, 1.8, and 2.0 contains certain domain names in the Secondary Core Server URL and Secondary Remote Server URL fields, which allows remote attackers to obtain sensitive information by leveraging administrative access to these domain names, as demonstrated by alarm and log information.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Avaya | Secure Access Link Gateway | 1.5 |
Related Weaknesses (CWE)
References
- http://support.avaya.com/css/P8/documents/100140483Vendor Advisory
- http://www.kb.cert.org/vuls/id/690315US Government Resource
- http://www.securityfocus.com/bid/48942
- https://exchange.xforce.ibmcloud.com/vulnerabilities/68922
- http://support.avaya.com/css/P8/documents/100140483Vendor Advisory
- http://www.kb.cert.org/vuls/id/690315US Government Resource
- http://www.securityfocus.com/bid/48942
- https://exchange.xforce.ibmcloud.com/vulnerabilities/68922
FAQ
What is CVE-2011-3008?
CVE-2011-3008 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The default configuration of Avaya Secure Access Link (SAL) Gateway 1.5, 1.8, and 2.0 contains certain domain names in the Secondary Core Server URL and Secondary Remote Server URL fields, which allow...
How severe is CVE-2011-3008?
CVE-2011-3008 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2011-3008?
Check the references section above for vendor advisories and patch information. Affected products include: Avaya Secure Access Link Gateway.