CVE-2018-15616

A vulnerability in the Web UI component of Avaya Aura System Platform could allow a remote, unauthenticated user to perform a targeted deserialization attack that could result in remote code execution. Affected versions of System Platform includes 6.3.0 through 6.3.9 and 6.4.0 through 6.4.2.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9 CRITICAL
NETWORK
HIGH
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
avayaCNA
9 CRITICAL
NETWORK
HIGH
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 88%
VendorProductVersion
avayaavaya_aura_system_platform
6.3.0 ≤
𝑥
≤ 6.3.9
avayaavaya_aura_system_platform
6.4.0 ≤
𝑥
≤ 6.4.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://downloads.avaya.com/css/P8/documents/101052865
https://downloads.avaya.com/css/P8/documents/101052865