CVE-2020-7035 HIGH

CVE-2020-7035: XXE in Avaya Aura Orchestration Designer

Vendor Avaya
Product Aura Orchestration Designer
Weakness CWE-611 · XXE
Published April 23, 2021
Last update September 16, 2024

CVSS base score

8.1/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

What the vulnerability does

01Description

An XML External Entities (XXE)vulnerability in the web-based user interface of Avaya Aura Orchestration Designer could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system. The affected versions of Orchestration Designer includes all 7.x versions before 7.2.3.

Key dates

02Disclosure timeline

April 23, 2021 CVE published
September 16, 2024 Record updated