Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, does not perform authentication for certain functionality, which allows remote attackers to obtain sensitive information and access restricted functionality via (1) the certificate installation utility, (2) unspecified scripts in the objects folder, (3) an "unnecessary default application," (4) unspecified scripts in the states folder, (5) an unspecified "default application" that lists server configuration, and (6) "full system help."
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Avaya Communication Manager 信息泄露漏洞和访问受限漏洞
Vulnerability Description
当和Avaya Communication Manager 3.1.x一起被使用时,Avaya SIP Enablement Services (SES) 3.x和4.0中的web管理界面允许远程攻击者借助(1)信任证书安装应用程序,(2)objects文件夹中的未明脚本,(3)一个"多余的默认的应用程序",(4)states文件夹中的未明脚本,(5)一个会列出服务器配置的未明的"默认的应用程序",(6)"全系统帮助",获得敏感信息和访问受限的功能。
CVSS Information
N/A
Vulnerability Type
N/A