CVE-2020-7036

EUVD-2020-28170
An XML External Entities (XXE)vulnerability in Callback Assist could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system. The affected versions of Callback Assist includes all 4.0.x versions before 4.7.1.1 Patch 7.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.1 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
avayaCNA
8.1 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 47%
Affected Products (NVD)
VendorProductVersion
avayacallback_assist
4.0.0 ≤
𝑥
< 4.7.1.1
avayacallback_assist
4.7.1.1
avayacallback_assist
4.7.1.1:patch1
avayacallback_assist
4.7.1.1:patch2
avayacallback_assist
4.7.1.1:patch3
avayacallback_assist
4.7.1.1:patch4
avayacallback_assist
4.7.1.1:patch5
avayacallback_assist
4.7.1.1:patch6
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://downloads.avaya.com/css/P8/documents/101075450
https://downloads.avaya.com/css/P8/documents/101075450