CVE-2020-7036 HIGH

CVE-2020-7036: XXE in Avaya Callback Assist Administration

Vendor Avaya
Product Callback Assist
Weakness CWE-611 · XXE
Published April 23, 2021
Last update September 17, 2024

CVSS base score

8.1/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

What the vulnerability does

01Description

An XML External Entities (XXE)vulnerability in Callback Assist could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system. The affected versions of Callback Assist includes all 4.0.x versions before 4.7.1.1 Patch 7.

Key dates

02Disclosure timeline

April 23, 2021 CVE published
September 17, 2024 Record updated