CVE-2018-15615 HIGH

CVE-2018-15615: CMS Supervisor Information Disclosure

Vendor Avaya
Product Call Management System Supervisor
Weakness CWE-200 · Info exposure
Published September 24, 2018
Last update August 5, 2024
View on NVD All CVEs

CVSS base score

7.2/10
Attack vector Local
Attack complexity High
Privileges required High
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

A vulnerability in the Supervisor component of Avaya Call Management System allows local administrative user to extract sensitive information from users connecting to a remote CMS host. Affected versions of CMS Supervisor include R17.0.x and R18.0.x.

Key dates

02Disclosure timeline

September 24, 2018 CVE published
August 5, 2024 Record updated