Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Avaya — Vulnerabilities & Security Advisories 47

Browse all 47 CVE security advisories affecting Avaya. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by Avaya:IP OfficeIX Workforce EngagementAvaya Aura Utility ServicesCommunication ManagerAvaya SpacesAura System ManagerAvaya Call Management SystemAvaya Aura Appliance Virtualization Platform UtilitiesAvaya Aura Communication ManagerOrchestration DesignerIP Office Contact CenterCall Management System SupervisorExperience Portal ManagerAura Device ServicesAvaya Aura® System PlatformAvaya Aura ConferencingAvaya Aura Application Enablement ServicesProductAvaya Experience PortalAvaya Aura Devices ServicesEquinox Conferencing Management (iView)Avaya Control ManagerAvaya Meetings ManagementAvaya Meetings ServerCallback AssistAura Orchestration DesignerSession Border Controller for EnterpriseAvaya Equinox ConferencingWebLMIP Office Application Server
CVE IDTitleCVSSSeverityPublished
CVE-2025-1041 Avaya Call Management System RCE vulnerability — Avaya Call Management SystemCWE-20 9.9 Critical2025-06-10
CVE-2024-12756 Avaya Spaces HTML injection (HTMLi) Vulnerability — Avaya SpacesCWE-1287 7.3 High2025-02-11
CVE-2024-12755 Avaya Spaces XSS Vulnerability — Avaya SpacesCWE-79 7.9 High2025-02-11
CVE-2024-7480 Improper access control in Avaya Aura System Manager — Aura System ManagerCWE-266 4.2 Medium2024-08-08
CVE-2024-7477 Avaya Aura System Manager SQL injection vulnerability — Aura System ManagerCWE-89 6.5 Medium2024-08-08
CVE-2024-4197 Avaya IP Office One-X Portal File Upload Vulnerability — IP OfficeCWE-434 9.9 Critical2024-06-25
CVE-2024-4196 Avaya IP Office Web Control RCE Vulnerability — IP OfficeCWE-782 10.0 Critical2024-06-25
CVE-2023-7031 Avaya Experience Portal Manager Insecure Direct Object Reference Vulnerabilities — Experience Portal ManagerCWE-200 5.7 Medium2024-01-17
CVE-2023-3722 Avaya Aura Device Services Remote Code Execution — Aura Device ServicesCWE-434 8.6 High2023-07-19
CVE-2023-3527 Avaya Call Management System CSV injection vulnerability — Avaya Call Management SystemCWE-1236 6.8 Medium2023-07-18
CVE-2023-31187 Avaya IX Workforce Engagement - CWE-522: Insufficiently Protected Credentials — IX Workforce EngagementCWE-522 6.5 Medium2023-05-30
CVE-2023-32218 Avaya IX Workforce Engagement - CWE-601: URL Redirection to Untrusted Site ('Open Redirect') — IX Workforce EngagementCWE-601 6.1 Medium2023-05-30
CVE-2023-31186 Avaya IX Workforce Engagement - User Enumeration - CWE-204: Observable Response Discrepancy — IX Workforce EngagementCWE-204 5.3 Medium2023-05-30
CVE-2022-2249 Avaya Aura Communication Manager Privilege Escalation Vulnerabilities — Avaya Aura Communication ManagerCWE-269 7.7 High2022-10-12
CVE-2022-2975 Avaya Aura Application Enablement Services weak permissions in web application — Avaya Aura Application Enablement ServicesCWE-269 7.7 High2022-10-06
CVE-2021-25657 Avaya IP Office Privilege Escalation Vulnerability — IP OfficeCWE-269 7.8 High2022-09-02
CVE-2021-25654 Avaya Aura Device Services Arbitrary Code Execution Vulnerability — Avaya Aura Devices ServicesCWE-378 6.2 Medium2021-06-25
CVE-2021-25656 Avaya Aura Experience Portal XSS vulnerabilities — ProductCWE-79 5.3 Medium2021-06-24
CVE-2021-25655 URL redirection to untrusted site possible in Avaya Aura Experience Portal — Avaya Experience PortalCWE-601 4.4 Medium2021-06-24
CVE-2021-25653 Avaya Aura Appliance Virtualization Platform Utilities Privilege Escalation Vulnerability — Avaya Aura Appliance Virtualization Platform UtilitiesCWE-250 8.0 High2021-06-24
CVE-2021-25652 Avaya Aura Appliance Virtualization Platform Utilities Sensitive Information Disclosure Vulnerability — Avaya Aura Appliance Virtualization Platform UtilitiesCWE-200 4.9 Medium2021-06-24
CVE-2021-25651 Avaya Aura Utility Services Privilege Escalation Vulnerability — Avaya Aura Utility ServicesCWE-250 8.0 High2021-06-24
CVE-2021-25650 Avaya Aura Utility Services Privilege Escalation Vulnerability — Avaya Aura Utility ServicesCWE-250 7.7 High2021-06-24
CVE-2021-25649 Avaya Utility Services Sensitive Information Disclosure Vulnerability — Avaya Aura Utility ServicesCWE-200 4.9 Medium2021-06-24
CVE-2020-7038 Avaya Meetings Server Information Disclosure vulnerability — Avaya Meetings ManagementCWE-284 7.5 High2021-04-28
CVE-2020-7037 Avaya Equinox Conferencing XXE vulnerability — Avaya Meetings ServerCWE-611 8.1 High2021-04-28
CVE-2020-7036 XXE in Avaya Callback Assist Administration — Callback AssistCWE-611 8.1 High2021-04-23
CVE-2020-7035 XXE in Avaya Aura Orchestration Designer — Aura Orchestration DesignerCWE-611 8.1 High2021-04-23
CVE-2020-7034 Command injection in Avaya Session Border Controller for Enterprise — Session Border Controller for EnterpriseCWE-78 7.2 High2021-04-23
CVE-2020-7032 Avaya WebLM Improper Restriction of XML External Entity Reference — WebLMCWE-611 6.5 Medium2020-11-13

This page lists every published CVE security advisory associated with Avaya. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.