Auth bypass in Avaya Communication_manager

CVE-2008-6707

The Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, does not perform authentication for certain functionality, which allows remote attackers to obtain sensitive i…

Vulnerability class: Broken Authentication

EPSS: 0.015 (70.9th percentile) — read the EPSS interpretation.

Affected products

Avaya Communication_manager — versions 3.1, 3.1.1, 3.1.2
Avaya Sip_enablement_services — versions 3.0, 3.1, 3.1.1
N/a — versions n/a

Weakness classification (CWE)

CWE-287 — Improper Authentication

References

cve@mitre.org (vdb-entry, x_refsource_VUPEN)
cve@mitre.org (x_refsource_SECUNIA, third-party-advisory)
cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
cve@mitre.org (x_refsource_MISC)
cve@mitre.org (vdb-entry, x_refsource_XF)
cve@mitre.org (x_refsource_OSVDB, vdb-entry)
cve@mitre.org (vdb-entry, x_refsource_XF)
cve@mitre.org (x_refsource_MISC)
cve@mitre.org (x_refsource_MISC)
cve@mitre.org (x_refsource_MISC)