CVE-2018-15614 — MEDIUM (6.8)

Vulnerability Description

A vulnerability in the one-x Portal component of IP Office could allow an authenticated user to perform stored cross site scripting attacks via fields in the Conference Scheduler Service that could affect other application users. Affected versions of IP Office include 10.0 through 10.1 SP3 and 11.0 versions prior to 11.0 SP1.

CVSS Score

6.8

MEDIUM

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Avaya	Ip Office	10.0

Related Weaknesses (CWE)

CWE-79

References

https://downloads.avaya.com/css/P8/documents/101054317Vendor Advisory
https://downloads.avaya.com/css/P8/documents/101054317Vendor Advisory

FAQ

What is CVE-2018-15614?

CVE-2018-15614 is a vulnerability with a CVSS score of 6.8 (MEDIUM). A vulnerability in the one-x Portal component of IP Office could allow an authenticated user to perform stored cross site scripting attacks via fields in the Conference Scheduler Service that could af...

How severe is CVE-2018-15614?

CVE-2018-15614 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-15614?

Check the references section above for vendor advisories and patch information. Affected products include: Avaya Ip Office.