SQL Injection in Avaya Communication_manager

CVE-2008-6573

Multiple SQL injection vulnerabilities in Avaya SIP Enablement Services (SES) in Avaya Avaya Communication Manager 3.x, 4.0, and 5.0 (1) allow remote attackers to execute arbitrary SQL commands via unspecified vectors related to profiles i…

Vulnerability class: SQL Injection

EPSS: 0.015 (70.9th percentile) — read the EPSS interpretation.

Affected products

Avaya Communication_manager — versions 3.1.1, 3.1.2, 3.1.3
N/a — versions n/a

Weakness classification (CWE)

CWE-89 — SQL Injection

References

cve@mitre.org (x_refsource_MISC)
cve@mitre.org (x_refsource_MISC)
cve@mitre.org (x_refsource_MISC)
cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
cve@mitre.org (x_refsource_OSVDB, vdb-entry)
cve@mitre.org (vdb-entry, x_refsource_XF)
cve@mitre.org (vdb-entry, x_refsource_BID)
cve@mitre.org (vdb-entry, x_refsource_XF)
cve@mitre.org (x_refsource_OSVDB, vdb-entry)
cve@mitre.org (x_refsource_OSVDB, vdb-entry)