Vulnerability Description
A SQL injection vulnerability in the reporting component of Avaya Control Manager could allow an unauthenticated attacker to execute arbitrary SQL commands and retrieve sensitive data related to other users on the system. Affected versions of Avaya Control Manager include 7.x and 8.0.x versions prior to 8.0.4.0. Unsupported versions not listed here were not evaluated.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Avaya | Control Manager | >= 7.0, < 8.0.4.0 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/109134Broken LinkThird Party AdvisoryVDB Entry
- https://downloads.avaya.com/css/P8/documents/101059368Vendor Advisory
- https://support.avaya.com/documents/documents-by-contenttype.action?product_id=PRelease NotesVendor Advisory
- http://www.securityfocus.com/bid/109134Broken LinkThird Party AdvisoryVDB Entry
- https://downloads.avaya.com/css/P8/documents/101059368Vendor Advisory
FAQ
What is CVE-2019-7003?
CVE-2019-7003 is a vulnerability with a CVSS score of 10.0 (CRITICAL). A SQL injection vulnerability in the reporting component of Avaya Control Manager could allow an unauthenticated attacker to execute arbitrary SQL commands and retrieve sensitive data related to other...
How severe is CVE-2019-7003?
CVE-2019-7003 has been rated CRITICAL with a CVSS base score of 10.0/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2019-7003?
Check the references section above for vendor advisories and patch information. Affected products include: Avaya Control Manager.