CVE-2022-2975
06.10.2022, 18:15
A vulnerability related to weak permissions was detected in Avaya Aura Application Enablement Services web application, allowing an administrative user to modify accounts leading to execution of arbitrary code as the root user. This issue affects Application Enablement Services versions 8.0.0.0 through 8.1.3.4 and 10.1.0.0 through 10.1.0.1. Versions prior to 8.0.0.0 are end of manufacturing support and were not evaluated.Enginsight
| Vendor | Product | Version |
|---|---|---|
| avaya | aura_application_enablement_services | 8.0.0.0 ≤ 𝑥 < 8.1.3.5 |
| avaya | aura_application_enablement_services | 10.1.0.0 ≤ 𝑥 < 10.1.0.2 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-269 - Improper Privilege ManagementThe software does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
- CWE-732 - Incorrect Permission Assignment for Critical ResourceThe product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.