Information disclosure in Avaya Communication_manager

CVE-2008-3777

The SIP Enablement Services (SES) Server in Avaya SIP Enablement Services 5.0, and Communication Manager (CM) 5.0 on the S8300C with SES enabled, writes account names and passwords to the (1) alarm and (2) system logs during failed login a…

Vulnerability class: Information Disclosure

EPSS: 0.003 (21.1th percentile) — read the EPSS interpretation.

Affected products

Avaya Communication_manager — versions 5.0
Avaya S8300c_server
Avaya Sip_enablement_services — versions 5.0
N/a — versions n/a

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

cve@mitre.org (x_refsource_CONFIRM)
cve@mitre.org (vdb-entry, x_refsource_BID)
cve@mitre.org (vdb-entry, x_refsource_XF)