CVE-2019-7001 CRITICAL

CVE-2019-7001: Avaya IPOCC WebUI SQL Injection

Vendor Avaya

Product IP Office Contact Center

Weakness CWE-89 · SQLi

Published April 4, 2019

Last update September 16, 2024

View on NVD All CVEs

CVSS base score

9.9/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

A SQL injection vulnerability in the WebUI component of IP Office Contact Center could allow an authenticated attacker to retrieve or alter sensitive data related to other users on the system. Affected versions of IP Office Contact Center include all 9.x and 10.x versions prior to 10.1.2.2.2-11201.1908. Unsupported versions not listed here were not evaluated.

Key dates

02Disclosure timeline

April 4, 2019 CVE published

September 16, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2019-7001

Related vulnerabilities

Identifiers

CVE CVE-2019-7001

CWE CWE-89

CVSS 9.9 / CRITICAL

Affected versions

Vendor Avaya

Product IP Office Contact Center

Affected 10.0.x 10.x

Vendor Avaya

Product IP Office Contact Center

Affected 9.x

Vendor Avaya

Product IP Office Contact Center

Affected ≥ 10.1.x and < 10.1.2.2.2-11201.1908

CVE-2019-7001: Avaya IPOCC WebUI SQL Injection

01Description

02Disclosure timeline

03References

04Related CVE