| Vulnerability Name: | CVE-2018-15613 (CCN-150647) | ||||||||||||
| Assigned: | 2018-09-21 | ||||||||||||
| Published: | 2018-09-21 | ||||||||||||
| Updated: | 2019-10-09 | ||||||||||||
| Summary: | A cross-site scripting (XSS) vulnerability in the Runtime Config component of Avaya Aura Orchestration Designer could result in malicious content being returned to the user. Affected versions of Avaya Aura Orchestration Designer include all versions up to 7.2.1. | ||||||||||||
| CVSS v3 Severity: | 6.1 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) 5.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C)
5.8 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C)
| ||||||||||||
| CVSS v2 Severity: | 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
| ||||||||||||
| Vulnerability Type: | CWE-79 | ||||||||||||
| Vulnerability Consequences: | Cross-Site Scripting | ||||||||||||
| References: | Source: MITRE Type: CNA CVE-2018-15613 Source: CCN Type: Avaya Security Advisory ASA-2018-278 Orchestration Designer XSS and CSRF (CVE-2018-15612, CVE-2018-15613) Source: CONFIRM Type: Patch, Vendor Advisory https://downloads.avaya.com/css/P8/documents/101052293 Source: XF Type: UNKNOWN avaya-aura-cve201815613-xss(150647) Source: CCN Type: Avaya Web site Avaya Aura® Orchestration Designer Overview | ||||||||||||
| Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||||||
| BACK | |||||||||||||