CVE-2018-6635

EUVD-2018-18382
System Manager in Avaya Aura before 7.1.2 does not properly use SSL in conjunction with authentication, which allows remote attackers to bypass intended Remote Method Invocation (RMI) restrictions, aka SMGR-26896.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
HIGH
LOW
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 74%
Affected Products (NVD)
VendorProductVersion
avayaaura
𝑥
≤ 7.1.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/102940
http://www.securitytracker.com/id/1040329
https://downloads.avaya.com/css/P8/documents/101038598
http://www.securityfocus.com/bid/102940
http://www.securitytracker.com/id/1040329
https://downloads.avaya.com/css/P8/documents/101038598