Vulnerability Description
A Cross-Site Scripting (XSS) vulnerability in the WebUI component of IP Office Application Server could allow unauthorized code execution and potentially disclose sensitive information. All product versions 11.x are affected. Product versions prior to 11.0, including unsupported versions, were not evaluated.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Avaya | Ip Office Application Server | >= 11.0, <= 11.0.4.0 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/156476/Avaya-IP-Office-Application-Server-1ExploitThird Party AdvisoryVDB Entry
- https://support.avaya.com/css/P8/documents/101062833Vendor Advisory
- http://packetstormsecurity.com/files/156476/Avaya-IP-Office-Application-Server-1ExploitThird Party AdvisoryVDB Entry
- https://support.avaya.com/css/P8/documents/101062833Vendor Advisory
FAQ
What is CVE-2019-7004?
CVE-2019-7004 is a vulnerability with a CVSS score of 5.4 (MEDIUM). A Cross-Site Scripting (XSS) vulnerability in the WebUI component of IP Office Application Server could allow unauthorized code execution and potentially disclose sensitive information. All product ve...
How severe is CVE-2019-7004?
CVE-2019-7004 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-7004?
Check the references section above for vendor advisories and patch information. Affected products include: Avaya Ip Office Application Server.