Vulnerability Name: CVE-2018-15612 (CCN-150648)
Assigned: 2018-09-21
Published: 2018-09-21
Updated: 2019-10-09
Summary: A CSRF vulnerability in the Runtime Config component of Avaya Aura Orchestration Designer could allow an attacker to add, change, or remove administrative settings. Affected versions of Avaya Aura Orchestration Designer include all versions up to 7.2.1.
CVSS v3 Severity:
  8.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
  8.4 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C)
  7.9 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C)
CVSS v2 Severity:
  6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
Vulnerability Type: CWE-352
Vulnerability Consequences: Gain Access
References:
  Source: MITRE Type: CNA CVE-2018-15612
  Source: CCN Type: Avaya Security Advisory ASA-2018-278 Orchestration Designer XSS and CSRF (CVE-2018-15612, CVE-2018-15613)
  Source: CONFIRM Type: Patch, Vendor Advisory https://downloads.avaya.com/css/P8/documents/101052293
  Source: XF Type: UNKNOWN avaya-aura-cve201815612-csrf(150648)
  Source: CCN Type: Avaya Web site Avaya Aura® Orchestration Designer Overview
Vulnerable Configuration: Configuration 1: Denotes that component is vulnerable