CVE-2020-7037 HIGH

CVE-2020-7037: Avaya Equinox Conferencing XXE vulnerability

Vendor Avaya
Product Avaya Meetings Server
Weakness CWE-611 · XXE
Published April 28, 2021
Last update September 16, 2024

CVSS base score

8.1/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

What the vulnerability does

01Description

An XML External Entities (XXE) vulnerability in Media Server component of Avaya Equinox Conferencing could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system or even potentially lead to a denial of service. The affected versions of Avaya Equinox Conferencing includes all 9.x versions before 9.1.11. Equinox Conferencing is now offered as Avaya Meetings Server.

Key dates

02Disclosure timeline

April 28, 2021 CVE published
September 16, 2024 Record updated