Search criteria
17 vulnerabilities found for N/A by AVAYA
CERTFR-2014-AVI-059
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans les produits Avaya. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| AVAYA | N/A | Avaya IP Office Server Edition branches 8.x et 9.x | ||
| AVAYA | N/A | Avaya Meeting Exchange branches 5.x et 6.x | ||
| AVAYA | N/A | Avaya Aura Experience Portal branches 6.x et 7.x | ||
| AVAYA | N/A | Avaya IP Office Application Server branches 8.x et 9.x | ||
| AVAYA | N/A | Avaya CMS branche R17.x | ||
| AVAYA | N/A | Avaya Message Networking branche 6.x | ||
| AVAYA | N/A | Avaya Voice Portal branche 5.x | ||
| AVAYA | N/A | Avaya Aura System Manager de la version 5.2 à la version 6.2.3 | ||
| AVAYA | N/A | Avaya one-X Client Enablement Services branche 6.x |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Avaya IP Office Server Edition branches 8.x et 9.x",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya Meeting Exchange branches 5.x et 6.x",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya Aura Experience Portal branches 6.x et 7.x",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya IP Office Application Server branches 8.x et 9.x",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya CMS branche R17.x",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya Message Networking branche 6.x",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya Voice Portal branche 5.x",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya Aura System Manager de la version 5.2 \u00e0 la version 6.2.3",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya one-X Client Enablement Services branche 6.x",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2013-4408",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4408"
},
{
"name": "CVE-2013-4475",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4475"
}
],
"links": [],
"reference": "CERTFR-2014-AVI-059",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2014-02-11T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits \u003cspan\nclass=\"textit\"\u003eAvaya\u003c/span\u003e. Certaines d\u0027entre elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un\nd\u00e9ni de service \u00e0 distance et un contournement de la politique de\ns\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Avaya",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Avaya ASA-2014-029 du 20 janvier 2014",
"url": "https://downloads.avaya.com/css/P8/documents/100177852"
}
]
}
CERTA-2013-AVI-054
Vulnerability from certfr_avis - Published: - Updated:
Des vulnérabilités ont été corrigées dans Avaya Aura Experience Portal. Certaines d'entre elles permettent à un attaquant d'exécuter du code arbitraire à distance au moyen de fichiers XML spécialement conçus. Elles concernent le composant libxml2.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Avaya Aura Experience Portal version 6.0",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya Aura Experience Portal version 6.0 SP1",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2011-3905",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3905"
},
{
"name": "CVE-2011-3919",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3919"
}
],
"links": [],
"reference": "CERTA-2013-AVI-054",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2013-01-22T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "Des vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan class=\"textit\"\u003eAvaya\nAura Experience Portal\u003c/span\u003e. Certaines d\u0027entre elles permettent \u00e0 un\nattaquant d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance au moyen de fichiers\nXML sp\u00e9cialement con\u00e7us. Elles concernent le composant \u003cspan\nclass=\"textit\"\u003elibxml2\u003c/span\u003e.\n",
"title": "Vuln\u00e9rabilit\u00e9s dans Avaya Aura Experience Portal",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Avaya du 16 janvier 2013",
"url": "https://downloads.avaya.com/css/P8/documents/100155559"
}
]
}
CERTA-2013-AVI-028
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans Avaya Call Management System. Certaines d'entre elles permettent à un attaquant de provoquer une élévation de privilèges et potentiellement de compromettre le système.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Avaya Call Management System version R15",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya Call Management System version R16.3",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya Call Management System version R16",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2006-4168",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-4168"
},
{
"name": "CVE-2009-3895",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3895"
}
],
"links": [],
"reference": "CERTA-2013-AVI-028",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2013-01-15T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eAvaya Call Management System\u003c/span\u003e. Certaines d\u0027entre\nelles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges\net potentiellement de compromettre le syst\u00e8me.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Avaya Call Management System",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Avaya ASA-2012-176 du 11 janvier 2013",
"url": "https://downloads.avaya.com/css/P8/documents/100161000"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Avaya ASA-2012-056 du 11 janvier 2013",
"url": "https://downloads.avaya.com/css/P8/documents/100156057"
}
]
}
CERTA-2012-AVI-739
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans Avaya Aura System Manager. Certaines d'entre elles permettent à un attaquant d'exécuter du code arbitraire à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Avaya Aura System Manager branche 6.2.x",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya Aura System Manager branche 6.1.x",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya Aura System Manager branche 6.0.x",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya Aura System Manager version 5.2",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [],
"links": [],
"reference": "CERTA-2012-AVI-739",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2012-12-14T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eAvaya Aura System Manager\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Avaya Aura System Manager",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Avaya ASA-2011-122 du 28 avril 2011",
"url": "https://downloads.avaya.com/css/P8/documents/100134336"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Avaya ASA-2011-122 du 03 f\u00e9vrier 2011",
"url": "https://downloads.avaya.com/css/P8/documents/100126851"
}
]
}
CERTA-2012-AVI-734
Vulnerability from certfr_avis - Published: - Updated:
Une vulnérabilité a été corrigée dans les produits Avaya. Elle concerne des débordements d'entiers dans les fonctions strtod(), strtof() et strtold() pouvant mener à des débordement de tampon en mémoire. Un utilisateur malintentionné peut ainsi exécuter du code arbitraire à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| AVAYA | N/A | Avaya Aura Application Server 5300 versions 2.x et 3.x | ||
| AVAYA | N/A | Avaya Aura Messaging version 6.x | ||
| AVAYA | N/A | Avaya Aura Application Enablement Services versions 5.x et 6.x | ||
| AVAYA | N/A | Avaya IP Office Application Server version 8.x | ||
| AVAYA | N/A | Avaya Proactive Contact version 5.x | ||
| AVAYA | N/A | Avaya Communication Server 1000 versions 6.x et 7.x | ||
| AVAYA | N/A | Avaya Aura Session Manager versions 1.x, 5.x, 6.1.x, 6.2 à 6.2.2 | ||
| AVAYA | N/A | Avaya Aura Communication Manager version 6.x | ||
| AVAYA | N/A | Avaya Voice Portal version 5.x | ||
| AVAYA | N/A | Avaya Aura Presence Services version 6.x | ||
| AVAYA | N/A | Avaya Aura System Manager versions 5.x, 6.1.x et 6.2.x | ||
| AVAYA | N/A | Avaya Aura System Platform versions 1.x et 6.x | ||
| AVAYA | N/A | Avaya one-X Client Enablement Services version 6.x | ||
| AVAYA | N/A | Avaya Aura Conferencing Standard Edition version 6.x | ||
| AVAYA | N/A | Avaya IQ version 5.x | ||
| AVAYA | N/A | Avaya Aura Communication Manager Utility Services version 6.x |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Avaya Aura Application Server 5300 versions 2.x et 3.x",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya Aura Messaging version 6.x",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya Aura Application Enablement Services versions 5.x et 6.x",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya IP Office Application Server version 8.x",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya Proactive Contact version 5.x",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya Communication Server 1000 versions 6.x et 7.x",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya Aura Session Manager versions 1.x, 5.x, 6.1.x, 6.2 \u00e0 6.2.2",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya Aura Communication Manager version 6.x",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya Voice Portal version 5.x",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya Aura Presence Services version 6.x",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya Aura System Manager versions 5.x, 6.1.x et 6.2.x",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya Aura System Platform versions 1.x et 6.x",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya one-X Client Enablement Services version 6.x",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya Aura Conferencing Standard Edition version 6.x",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya IQ version 5.x",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya Aura Communication Manager Utility Services version 6.x",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2012-3480",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3480"
}
],
"links": [],
"reference": "CERTA-2012-AVI-734",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2012-12-13T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans les produits \u003cspan\nclass=\"textit\"\u003eAvaya\u003c/span\u003e. Elle concerne des d\u00e9bordements d\u0027entiers\ndans les fonctions \u003cspan class=\"textit\"\u003estrtod()\u003c/span\u003e, \u003cspan\nclass=\"textit\"\u003estrtof()\u003c/span\u003e et \u003cspan class=\"textit\"\u003estrtold()\u003c/span\u003e\npouvant mener \u00e0 des d\u00e9bordement de tampon en m\u00e9moire. Un utilisateur\nmalintentionn\u00e9 peut ainsi ex\u00e9cuter du code arbitraire \u00e0 distance.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans les produits Avaya",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Avaya 100167371 du 10 d\u00e9cembre 2012",
"url": "https://downloads.avaya.com/css/P8/documents/100167371"
}
]
}
CERTA-2012-AVI-685
Vulnerability from certfr_avis - Published: - Updated:
Une vulnérabilité a été corrigée dans Avaya Call Management System. Elle permet à un attaquant de provoquer un déni de service. Elle concerne Oracle Solaris.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Avaya Call Management System version R15",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya Call Management System version R16.3",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya Call Management System version R16",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya Call Management System version R16.2",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya Call Management System version R16.1",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2012-1692",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-1692"
}
],
"links": [],
"reference": "CERTA-2012-AVI-685",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2012-11-23T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans \u003cspan class=\"textit\"\u003eAvaya Call\nManagement System\u003c/span\u003e. Elle permet \u00e0 un attaquant de provoquer un\nd\u00e9ni de service. Elle concerne \u003cspan class=\"textit\"\u003eOracle\nSolaris\u003c/span\u003e.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Avaya Call Management System",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Avaya ASA-2012-174 du 20 novembre 2012",
"url": "https://downloads.avaya.com/css/P8/documents/100161091"
}
]
}
CERTA-2012-AVI-616
Vulnerability from certfr_avis - Published: - Updated:
Une vulnérabilité a été corrigée dans Avaya Aura Session Manager. Elle permet à un attaquant local de provoquer un déni de service au moyen d'une application spécialement conçue. Elle concerne les versions antérieures à la version 3.2.24 du noyau Linux.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Avaya IQ avec la branche 3.x",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya Aura Session Manager version 6.2.1 et version 6.2.2",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya Voice Portal version 5.1.3",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2012-3375",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3375"
}
],
"links": [],
"reference": "CERTA-2012-AVI-616",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2012-11-02T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans \u003cspan class=\"textit\"\u003eAvaya Aura\nSession Manager\u003c/span\u003e. Elle permet \u00e0 un attaquant local de provoquer un\nd\u00e9ni de service au moyen d\u0027une application sp\u00e9cialement con\u00e7ue. Elle\nconcerne les versions ant\u00e9rieures \u00e0 la version 3.2.24 du noyau \u003cspan\nclass=\"textit\"\u003eLinux\u003c/span\u003e.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Avaya Aura Session Manager",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Avaya ASA-2012-344 du 22 ao\u00fbt 2012",
"url": "https://downloads.avaya.com/css/P8/documents/100165733"
}
]
}
CERTA-2012-AVI-518
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans les produits Avaya. Les correctifs sont liés à la mise à jour de leurs systèmes Redhat.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| AVAYA | N/A | Avaya Aura Presence Services versions 6.x | ||
| AVAYA | N/A | Avaya Aura Communication Manager versions 6.x | ||
| AVAYA | N/A | Avaya Proactive Contact versions 5.x | ||
| AVAYA | N/A | Avaya IP Office Application Server versions 7.x | ||
| AVAYA | N/A | Avaya IP Office Application Server versions 6.x | ||
| AVAYA | N/A | Avaya Aura Communication Manager versions 5.x | ||
| AVAYA | N/A | Avaya Voice Portal version 5.1 | ||
| AVAYA | N/A | Avaya IQ versions 5.x | ||
| AVAYA | N/A | Avaya Aura System Platform versions 1.x | ||
| AVAYA | N/A | Avaya Voice Portal version 5.0 | ||
| AVAYA | N/A | Avaya Aura Messaging versions 6.x | ||
| AVAYA | N/A | Avaya Aura System Platform versions 6.0.x | ||
| AVAYA | N/A | Avaya Aura System Manager versions 6.x | ||
| AVAYA | N/A | Avaya Voice Portal version 5.1.1 | ||
| AVAYA | N/A | Avaya Voice Portal version 5.1.2 | ||
| AVAYA | N/A | Avaya Aura SIP Enablement Services versions 5.x | ||
| AVAYA | N/A | Avaya Aurora Session Manager version 6.2 | ||
| AVAYA | N/A | Avaya IP Office Application Server versions 8.x | ||
| AVAYA | N/A | Avaya Aurora Session Manager versions 5.x | ||
| AVAYA | N/A | Avaya Aura System Manager versions 5.x | ||
| AVAYA | N/A | Avaya Aura Application Enablement Services versions 5.x | ||
| AVAYA | N/A | Avaya Aura Experience Portal versions 6.x | ||
| AVAYA | N/A | Avaya Meeting Exchange versions 5.x | ||
| AVAYA | N/A | Avaya Messaging Storage Server 5.2.x | ||
| AVAYA | N/A | Avaya Aura Conferencing Standard Edition versions 6.x | ||
| AVAYA | N/A | Avaya Aura Communication Manager versions 4.x | ||
| AVAYA | N/A | Avaya Aura Application Server 5300 | ||
| AVAYA | N/A | Avaya Aurora Session Manager versions 1.x | ||
| AVAYA | N/A | Avaya Aurora Session Manager version 6.2.1 | ||
| AVAYA | N/A | Avaya Communication Server 1000 versions 7.x | ||
| AVAYA | N/A | Avaya Aura Application Enablement Services versions 6.x | ||
| AVAYA | N/A | Avaya Aurora Session Manager versions 6.0.x | ||
| AVAYA | N/A | Avaya Communication Server 1000 versions 6.x | ||
| AVAYA | N/A | Avaya Aura System Platform version 6.2 | ||
| AVAYA | N/A | Avaya Aura Communication Manager Utility Services versions 6.x | ||
| AVAYA | N/A | Avaya Aurora Session Manager versions 6.1.x |
References
| Title | Publication Time | Tags | |
|---|---|---|---|
|
|
|||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Avaya Aura Presence Services versions 6.x",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya Aura Communication Manager versions 6.x",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya Proactive Contact versions 5.x",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya IP Office Application Server versions 7.x",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya IP Office Application Server versions 6.x",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya Aura Communication Manager versions 5.x",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya Voice Portal version 5.1",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya IQ versions 5.x",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya Aura System Platform versions 1.x",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya Voice Portal version 5.0",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya Aura Messaging versions 6.x",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya Aura System Platform versions 6.0.x",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya Aura System Manager versions 6.x",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya Voice Portal version 5.1.1",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya Voice Portal version 5.1.2",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya Aura SIP Enablement Services versions 5.x",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya Aurora Session Manager version 6.2",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya IP Office Application Server versions 8.x",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya Aurora Session Manager versions 5.x",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya Aura System Manager versions 5.x",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya Aura Application Enablement Services versions 5.x",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya Aura Experience Portal versions 6.x",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya Meeting Exchange versions 5.x",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya Messaging Storage Server 5.2.x",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya Aura Conferencing Standard Edition versions 6.x",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya Aura Communication Manager versions 4.x",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya Aura Application Server 5300",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya Aurora Session Manager versions 1.x",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya Aurora Session Manager version 6.2.1",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya Communication Server 1000 versions 7.x",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya Aura Application Enablement Services versions 6.x",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya Aurora Session Manager versions 6.0.x",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya Communication Server 1000 versions 6.x",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya Aura System Platform version 6.2",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya Aura Communication Manager Utility Services versions 6.x",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya Aurora Session Manager versions 6.1.x",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2011-2213",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2213"
},
{
"name": "CVE-2010-4649",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4649"
},
{
"name": "CVE-2011-1044",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1044"
},
{
"name": "CVE-2011-2022",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2022"
},
{
"name": "CVE-2011-1746",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1746"
},
{
"name": "CVE-2011-0695",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0695"
},
{
"name": "CVE-2011-1745",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1745"
},
{
"name": "CVE-2012-0884",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0884"
},
{
"name": "CVE-2011-1776",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1776"
},
{
"name": "CVE-2011-4028",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4028"
},
{
"name": "CVE-2011-1936",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1936"
},
{
"name": "CVE-2011-1593",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1593"
},
{
"name": "CVE-2011-1182",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1182"
},
{
"name": "CVE-2012-1165",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-1165"
},
{
"name": "CVE-2012-0864",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0864"
},
{
"name": "CVE-2012-0841",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0841"
},
{
"name": "CVE-2011-2492",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2492"
},
{
"name": "CVE-2011-1573",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1573"
},
{
"name": "CVE-2011-0419",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0419"
},
{
"name": "CVE-2011-0711",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0711"
},
{
"name": "CVE-2011-1576",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1576"
}
],
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 AVAYA du 18 septembre 2012 :",
"url": "https://downloads.avaya.com/css/P8/documents/100160780"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 AVAYA du 18 septembre 2012 :",
"url": "https://downloads.avaya.com/css/P8/documents/100160023"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 AVAYA du 19 septembre 2012 :",
"url": "https://downloads.avaya.com/css/P8/documents/100162507"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 AVAYA du 18 septembre 2012 :",
"url": "https://downloads.avaya.com/css/P8/documents/100160589"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 AVAYA du 19 septembre 2012 :",
"url": "https://downloads.avaya.com/css/P8/documents/100147390"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 AVAYA du 18 septembre 2012 :",
"url": "https://downloads.avaya.com/css/P8/documents/100141102"
}
],
"reference": "CERTA-2012-AVI-518",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2012-09-24T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits \u003cspan\nclass=\"textit\"\u003eAvaya\u003c/span\u003e. Les correctifs sont li\u00e9s \u00e0 la mise \u00e0 jour\nde leurs syst\u00e8mes \u003cspan class=\"textit\"\u003eRedhat\u003c/span\u003e.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Avaya",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletins de s\u00e9curit\u00e9 Avaya",
"url": null
}
]
}
CERTA-2012-AVI-463
Vulnerability from certfr_avis - Published: - Updated:
Une vulnérabilité a été corrigée dans Avaya. Elle concerne une altération en mémoire dû au fichier « apr_fnmatch.c ». Un utilisateur malintentionné peut ainsi provoquer un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Avaya CMS R16.2 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya CMS R16 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya CMS R16.3 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya CMS R15 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya IR 4.x.",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya CMS R16.1 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2011-0419",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0419"
}
],
"links": [],
"reference": "CERTA-2012-AVI-463",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2012-08-23T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans \u003cspan class=\"textit\"\u003eAvaya\u003c/span\u003e.\nElle concerne une alt\u00e9ration en m\u00e9moire d\u00fb au fichier \u00ab apr_fnmatch.c \u00bb.\nUn utilisateur malintentionn\u00e9 peut ainsi provoquer un d\u00e9ni de service \u00e0\ndistance.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans certains produits Avaya",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Avaya 100165695 du 20 ao\u00fbt 2012",
"url": "https://downloads.avaya.com/css/P8/documents/100165695"
}
]
}
CERTA-2012-AVI-365
Vulnerability from certfr_avis - Published: - Updated:
Une vulnérabilitié a été corrigée dans Avaya IP Office Customer Call Reporter. Elle permet à un utilisateur non authentifié de pouvoir envoyer des fichiers arbitraires sur le serveur au moyen de « ImageUpload.ashx ». Ainsi un attaquant peut exécuter du code arbitraire à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Versions ant\u00e9rieures \u00e0 Avaya IP Office Customer Call Reporter 7.0.5.8 pour la branche 7.0 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "versions ant\u00e9rieures \u00e0 Avaya IP Office Customer Call Reporter 8.0.9.13 pour la branche 8.0.",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2012-3811",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3811"
}
],
"links": [],
"reference": "CERTA-2012-AVI-365",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2012-07-04T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabiliti\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans \u003cspan class=\"textit\"\u003eAvaya IP\nOffice Customer Call Reporter\u003c/span\u003e. Elle permet \u00e0 un utilisateur non\nauthentifi\u00e9 de pouvoir envoyer des fichiers arbitraires sur le serveur\nau moyen de \u00ab ImageUpload.ashx \u00bb. Ainsi un attaquant peut ex\u00e9cuter du\ncode arbitraire \u00e0 distance.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Avaya IP Office Customer Call Reporter",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 AVAYA 100164021 du 28 juin 2012",
"url": "https://downloads.avaya.com/css/P8/documents/100164021"
}
]
}
CERTA-2012-AVI-102
Vulnerability from certfr_avis - Published: - Updated:
Des vulnérabilités dans Avaya CMS permettent de réaliser un déni de service à distance.
Description
Avaya CMS intègre une version vulnérable de la suite logicielle Oracle Sun Products Suite. Celle-ci comporte des failles permettant de réaliser un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Avaya CMS versions R15 et R16.x ;",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya IR version 4.0.",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nAvaya CMS int\u00e8gre une version vuln\u00e9rable de la suite logicielle Oracle\nSun Products Suite. Celle-ci comporte des failles permettant de r\u00e9aliser\nun d\u00e9ni de service \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2012-0109",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0109"
},
{
"name": "CVE-2012-0094",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0094"
}
],
"links": [],
"reference": "CERTA-2012-AVI-102",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2012-02-29T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
}
],
"summary": "Des vuln\u00e9rabilit\u00e9s dans \u003cspan class=\"textit\"\u003eAvaya CMS\u003c/span\u003e permettent\nde r\u00e9aliser un d\u00e9ni de service \u00e0 distance.\n",
"title": "Vuln\u00e9rabilit\u00e9s dans Avaya CMS",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Avaya du 27 f\u00e9vrier 2012",
"url": "https://support.avaya.com/css/P8/documents/100155617"
}
]
}
CERTA-2011-AVI-363
Vulnerability from certfr_avis - Published: - Updated:
Une vulnérabilité découverte dans les produits Avaya permet, sous certaines conditions, un accés illégitime aux données présentes sur le serveur hébergeant cette solution.
Description
Un serveur TFTP vulnérable est présent dans les solutions Avaya B5800 Branch Gateway 6.X et Avaya IP Office. Un utilisateur malveillant sur le réseau local peut, sous certaines conditions, accéder de façon illégitime aux données présentes sur le serveur sur lequel cette solution est installée.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Avaya B5800 Branch Gateway 6.x ;",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya IP Office toutes versions.",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nUn serveur TFTP vuln\u00e9rable est pr\u00e9sent dans les solutions Avaya B5800\nBranch Gateway 6.X et Avaya IP Office. Un utilisateur malveillant sur le\nr\u00e9seau local peut, sous certaines conditions, acc\u00e9der de fa\u00e7on\nill\u00e9gitime aux donn\u00e9es pr\u00e9sentes sur le serveur sur lequel cette\nsolution est install\u00e9e.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [],
"links": [],
"reference": "CERTA-2011-AVI-363",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2011-06-17T00:00:00.000000"
}
],
"risks": [
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 d\u00e9couverte dans les produits Avaya permet, sous\ncertaines conditions, un acc\u00e9s ill\u00e9gitime aux donn\u00e9es pr\u00e9sentes sur le\nserveur h\u00e9bergeant cette solution.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Avaya IP Office Manager",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Avaya ASA-2011-156 du 15 juin 2011",
"url": "https://support.avaya.com/css/P8/documents/100141179"
}
]
}
CERTA-2008-AVI-496
Vulnerability from certfr_avis - Published: - Updated:
Plusieurs vulnérabilités affectant Avaya Communication Manager permettent à une personne malintentionnée d'exécuter du code arbitraire à distance.
Description
Deux vulnérabilités ont été découvertes dans Avaya Communication Manager. Des erreurs dans les fonctions Set Static Routes et Backup History permettent à une personne malintentionnée d'exécuter du code arbitraire à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Avaya Communication Manager 3.x ;",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya Communication Manager 5.x.",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya Communication Manager 4.x ;",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nDeux vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Avaya Communication\nManager. Des erreurs dans les fonctions Set Static Routes et Backup\nHistory permettent \u00e0 une personne malintentionn\u00e9e d\u0027ex\u00e9cuter du code\narbitraire \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [],
"links": [],
"reference": "CERTA-2008-AVI-496",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2008-10-14T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "Plusieurs vuln\u00e9rabilit\u00e9s affectant Avaya Communication Manager\npermettent \u00e0 une personne malintentionn\u00e9e d\u0027ex\u00e9cuter du code arbitraire\n\u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Avaya Communication Manager",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Avaya ASA-2008-391 du 08 octobre 2008",
"url": "http://support.avaya.com/elmdocs2/security/ASA-2008-391.htm"
}
]
}
CERTA-2008-AVI-352
Vulnerability from certfr_avis - Published: - Updated:
Plusieurs vulnérabilités concernant Avaya CMS permettent à un utilisateur distant malintentionné de porter atteinte à la confidentialité des données, de provoquer un déni de service, d'exécuter du code arbitraire et/ou d'élever ses privilèges.
Description
Les vulnérabilités présentes dans Avaya CMS affectent le serveur graphique X.Org. Ces vulnérabilités ont été décrites dans l'avis CERTA-2008-AVI-317.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneReferences
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Avaya Call Management System (CMS).",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nLes vuln\u00e9rabilit\u00e9s pr\u00e9sentes dans Avaya CMS affectent le serveur\ngraphique X.Org. Ces vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9crites dans l\u0027avis\nCERTA-2008-AVI-317.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2008-2361",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2361"
},
{
"name": "CVE-2008-2362",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2362"
},
{
"name": "CVE-2008-1379",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-1379"
},
{
"name": "CVE-2008-2360",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2360"
},
{
"name": "CVE-2008-1377",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-1377"
}
],
"links": [
{
"title": "R\u00e9f\u00e9rence \u00e0 l\u0027avis CERTA-2008-AVI-317 :",
"url": "http://www.certa.ssi.gouv.fr/site/CERTA-2008-AVI-317/CERTA-2008-AVI-317.html"
}
],
"reference": "CERTA-2008-AVI-352",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2008-07-04T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "Plusieurs vuln\u00e9rabilit\u00e9s concernant Avaya CMS permettent \u00e0 un\nutilisateur distant malintentionn\u00e9 de porter atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es, de provoquer un d\u00e9ni de service, d\u0027ex\u00e9cuter\ndu code arbitraire et/ou d\u0027\u00e9lever ses privil\u00e8ges.\n",
"title": "Vuln\u00e9rabilit\u00e9s dans Avaya Call Management System",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Avaya ASA-2008-249 du 30 juin 2008",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-249.htm"
}
]
}
CERTA-2008-AVI-051
Vulnerability from certfr_avis - Published: - Updated:
Une vulnérabilité a été identifiée dans Avaya Distributed Office. Celle-ci permettrait à une personne malveillante distante de perturber le fonctionnement du système.
Description
Une vulnérabilité a été identifiée dans Avaya Distributed Office et sa mise en œuvre du pare-feu iptables. Celle-ci permettrait à une personne malveillante distante de perturber le fonctionnement du système.
Solution
Se référer au bulletin de sécurité ASA-2008-041 d'Avaya pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |
|---|---|---|---|
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Avaya Distributed Office, pour les versions 1.1.1_41.03 n\u0027ayant pas le Service Pack 1.0.5.",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 identifi\u00e9e dans Avaya Distributed Office et sa\nmise en \u0153uvre du pare-feu iptables. Celle-ci permettrait \u00e0 une personne\nmalveillante distante de perturber le fonctionnement du syst\u00e8me.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 ASA-2008-041 d\u0027Avaya pour l\u0027obtention\ndes correctifs (cf. section Documentation).\n",
"cves": [],
"links": [
{
"title": "Page de t\u00e9l\u00e9chargement et de pr\u00e9sentation d\u0027Avaya Distributed Office :",
"url": "http://support.avaya.com/japple/css/japple?PAGE=Product\u0026temp.productID=316564"
},
{
"title": "Avis de s\u00e9curit\u00e9 Avaya ASA-2008-041 du 01 f\u00e9vrier 2008 :",
"url": "http://support.avaya.com/japple/css/japple?temp.documentID=334284\u0026temp.productID=154235\u0026temp.releaseID=331129\u0026temp.bucketID=126655\u0026PAGE=Document"
}
],
"reference": "CERTA-2008-AVI-051",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2008-02-06T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 identifi\u00e9e dans Avaya Distributed Office.\nCelle-ci permettrait \u00e0 une personne malveillante distante de perturber\nle fonctionnement du syst\u00e8me.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Avaya Distributed Office",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Avaya ASA-2008-041 du 01 f\u00e9vrier 2008",
"url": null
}
]
}
CERTA-2007-AVI-527
Vulnerability from certfr_avis - Published: - Updated:
Une vulnérabilité a été identifiée dans le serveur web inclus dans plusieurs produits Avaya. Celle-ci peut être exploitée à distance pour perturber le fonctionnement du service.
Description
Une vulnérabilité a été identifiée dans le serveur web inclus dans plusieurs produits Avaya. Il s'agit de la version d'Apache avec le module mod_proxy configurée en mode reverse proxy. Cette vulnérabilité est identique à celle mentionnée dans l'avis CERTA-2007-AVI-402 du 13 septembre 2007.
Une personne malintentionnée peut provoquer un déni de service du serveur suite à une requête construite de manière particulière.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| AVAYA | N/A | Avaya CCS/SES, pour les versions SES 3.x et 4.0 ; | ||
| AVAYA | N/A | Avaya Message Networking, version MN 3.1 ; | ||
| AVAYA | N/A | Avaya Messaging Storage Server, pour les versions MSS 3.x ; | ||
| AVAYA | N/A | Avaya Intuity Audix LX, version IALX 2.0 ; | ||
| AVAYA | N/A | Avaya Communication Manager, pour les versions CM 3.x et 4.x ; | ||
| AVAYA | N/A | Avaya AES, version 4.0. |
References
| Title | Publication Time | Tags | |
|---|---|---|---|
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Avaya CCS/SES, pour les versions SES 3.x et 4.0 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya Message Networking, version MN 3.1 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya Messaging Storage Server, pour les versions MSS 3.x ;",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya Intuity Audix LX, version IALX 2.0 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya Communication Manager, pour les versions CM 3.x et 4.x ;",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya AES, version 4.0.",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 identifi\u00e9e dans le serveur web inclus dans\nplusieurs produits Avaya. Il s\u0027agit de la version d\u0027Apache avec le\nmodule mod_proxy configur\u00e9e en mode reverse proxy. Cette vuln\u00e9rabilit\u00e9\nest identique \u00e0 celle mentionn\u00e9e dans l\u0027avis CERTA-2007-AVI-402 du 13\nseptembre 2007.\n\nUne personne malintentionn\u00e9e peut provoquer un d\u00e9ni de service du\nserveur suite \u00e0 une requ\u00eate construite de mani\u00e8re particuli\u00e8re.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2007-3847",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-3847"
}
],
"links": [
{
"title": "Avis de s\u00e9curit\u00e9 CERTA-2007-AVI-402 du 13 septembre 2007 :",
"url": "http://www.certa.ssi.gouv.fr/site/CERTA-2007-AVI-402/"
},
{
"title": "Avis de s\u00e9curit\u00e9 Avaya ASA-2007-500 du 06 d\u00e9cembre 2007 :",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-500.htm"
}
],
"reference": "CERTA-2007-AVI-527",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2007-12-10T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 identifi\u00e9e dans le serveur web inclus dans\nplusieurs produits Avaya. Celle-ci peut \u00eatre exploit\u00e9e \u00e0 distance pour\nperturber le fonctionnement du service.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans plusieurs produits Avaya",
"vendor_advisories": [
{
"published_at": null,
"title": "Annonce de s\u00e9curit\u00e9 Avaya ASA-2007-500 du 06 d\u00e9cembre 2007",
"url": null
}
]
}
CERTA-2007-AVI-475
Vulnerability from certfr_avis - Published: - Updated:
Une vulnérabilité dans des produits Avaya permet à un individu malveillant d'effectuer un déni de service à distance.
Description
Une vulnérabilité dans des produits Avaya permet à un individu malveillant d'effectuer un déni de service à distance via l'envoi de requêtes spécifiques par l'interface web d'administration.
Solution
Se référer au bulletin de sécurité de Avaya pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Avaya Message Networking 3.1.",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya Messaging Storage Server 3.1 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 dans des produits Avaya permet \u00e0 un individu\nmalveillant d\u0027effectuer un d\u00e9ni de service \u00e0 distance via l\u0027envoi de\nrequ\u00eates sp\u00e9cifiques par l\u0027interface web d\u0027administration.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de Avaya pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [],
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Avaya n\u02da 415 du 01 novembre 2007",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-415.htm"
}
],
"reference": "CERTA-2007-AVI-475",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2007-11-05T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 dans des produits Avaya permet \u00e0 un individu\nmalveillant d\u0027effectuer un d\u00e9ni de service \u00e0 distance.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Avaya",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Avaya n\u02da415 du 01 novembre 2007",
"url": null
}
]
}