Summary
Detail | | | |
---|---|---|---|
Vendor | Avaya | First view | 2009-11-16 |
Product | Aura Application Enablement Services | Last view | 2022-10-06 |
Version | 5.2.1 | Type | Application |
Update | * | | |
Edition | * | | |
Language | * | | |
Software Edition | * | | |
Target Software | * | | |
Target Hardware | * | | |
Other | * | | |
CPE Product | cpe:2.3:a:avaya:aura_application_enablement_services | | |
Related : CVE
Score | Date | Alert | Description |
---|---|---|---|
6.7 | 2022-10-06 | CVE-2022-2975 | A vulnerability related to weak permissions was detected in Avaya Aura Application Enablement Services web application, allowing an administrative user to modify accounts leading to execution of arbitrary code as the root user. This issue affects Application Enablement Services versions 8.0.0.0 through 8.1.3.4 and 10.1.0.0 through 10.1.0.1. Versions prior to 8.0.0.0 are end of manufacturing support and were not evaluated. |
7.5 | 2019-11-15 | CVE-2016-5285 | A Null pointer dereference vulnerability exists in Mozilla Network Security Services due to a missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, which could let a remote malicious user cause a Denial of Service. |
7.1 | 2009-11-16 | CVE-2009-3939 | The poll_mode_io file for the megaraid_sas driver in the Linux kernel 2.6.31.6 and earlier has world-writable permissions, which allows local users to change the I/O mode of the driver by modifying this file. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
66% (2) | CWE-732 | Incorrect Permission Assignment for Critical Resource |
33% (1) | CWE-476 | NULL Pointer Dereference |
CAPEC : Common Attack Pattern Enumeration & Classification
id | Name |
---|---|
CAPEC-1 | Accessing Functionality Not Properly Constrained by ACLs |
CAPEC-17 | Accessing, Modifying or Executing Executable Files |
CAPEC-60 | Reusing Session IDs (aka Session Replay) |
CAPEC-61 | Session Fixation |
CAPEC-62 | Cross Site Request Forgery (aka Session Riding) |
CAPEC-122 | Exploitation of Authorization |
CAPEC-180 | Exploiting Incorrectly Configured Access Control Security Levels |
CAPEC-232 | Exploitation of Privilege/Trust |
CAPEC-234 | Hijacking a privileged process |
Open Source Vulnerability Database (OSVDB)
id | Description |
---|---|
60201 | Linux Kernel megaraid_sas Driver poll_mode_io Permission Weakness I/O Mode Lo... |
OpenVAS Exploits
Date | Description |
---|---|
2012-04-16 | Name : VMSA-2010-0009: ESXi utilities and ESX Service Console third party updates File : nvt/gb_VMSA-2010-0009.nasl |
2011-08-09 | Name : CentOS Update for kernel CESA-2010:0046 centos5 i386 File : nvt/gb_CESA-2010_0046_kernel_centos5_i386.nasl |
2010-03-05 | Name : SuSE Update for kernel SUSE-SA:2010:014 File : nvt/gb_suse_2010_014.nasl |
2010-02-19 | Name : SuSE Update for kernel SUSE-SA:2010:010 File : nvt/gb_suse_2010_010.nasl |
2010-02-19 | Name : SuSE Update for kernel SUSE-SA:2010:012 File : nvt/gb_suse_2010_012.nasl |
2010-02-08 | Name : RedHat Update for kernel RHSA-2010:0076-01 File : nvt/gb_RHSA-2010_0076-01_kernel.nasl |
2010-01-20 | Name : RedHat Update for kernel RHSA-2010:0046-01 File : nvt/gb_RHSA-2010_0046-01_kernel.nasl |
2010-01-20 | Name : SuSE Update for kernel SUSE-SA:2010:005 File : nvt/gb_suse_2010_005.nasl |
2010-01-15 | Name : SuSE Update for kernel SUSE-SA:2010:001 File : nvt/gb_suse_2010_001.nasl |
2009-12-10 | Name : RedHat Security Advisory RHSA-2009:1635 File : nvt/RHSA_2009_1635.nasl |
Information Assurance Vulnerability Management (IAVM)
id | Description |
---|---|
2010-A-0015 | Multiple Vulnerabilities in Red Hat Linux Kernel Severity: Category I - VMSKEY: V0022631 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2017-05-01 | Name: The remote EulerOS host is missing multiple security updates. File: EulerOS_SA-2016-1084.nasl - Type: ACT_GATHER_INFO |
2017-01-20 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201701-46.nasl - Type: ACT_GATHER_INFO |
2017-01-05 | Name: The remote Ubuntu host is missing a security-related patch. File: ubuntu_USN-3163-1.nasl - Type: ACT_GATHER_INFO |
2016-12-16 | Name: The remote Amazon Linux AMI host is missing a security update. File: ala_ALAS-2016-774.nasl - Type: ACT_GATHER_INFO |
2016-12-14 | Name: The remote SUSE host is missing one or more security updates. File: suse_SU-2016-3105-1.nasl - Type: ACT_GATHER_INFO |
2016-12-12 | Name: The remote SUSE host is missing one or more security updates. File: suse_SU-2016-3080-1.nasl - Type: ACT_GATHER_INFO |
2016-12-06 | Name: The remote SUSE host is missing one or more security updates. File: suse_SU-2016-3014-1.nasl - Type: ACT_GATHER_INFO |
2016-11-22 | Name: The remote Scientific Linux host is missing one or more security updates. File: sl_20161116_nss_and_nss_util_on_SL5_x.nasl - Type: ACT_GATHER_INFO |
2016-11-21 | Name: The remote CentOS host is missing one or more security updates. File: centos_RHSA-2016-2779.nasl - Type: ACT_GATHER_INFO |
2016-11-17 | Name: The remote Oracle Linux host is missing one or more security updates. File: oraclelinux_ELSA-2016-2779.nasl - Type: ACT_GATHER_INFO |
2016-11-16 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2016-2779.nasl - Type: ACT_GATHER_INFO |
2016-03-08 | Name: The remote VMware ESX / ESXi host is missing a security-related patch. File: vmware_VMSA-2010-0009_remote.nasl - Type: ACT_GATHER_INFO |
2013-07-12 | Name: The remote Oracle Linux host is missing one or more security updates. File: oraclelinux_ELSA-2010-0076.nasl - Type: ACT_GATHER_INFO |
2013-07-12 | Name: The remote Oracle Linux host is missing one or more security updates. File: oraclelinux_ELSA-2010-0046.nasl - Type: ACT_GATHER_INFO |
2012-08-01 | Name: The remote Scientific Linux host is missing one or more security updates. File: sl_20100202_kernel_on_SL4_x.nasl - Type: ACT_GATHER_INFO |
2012-05-17 | Name: The remote SuSE 10 host is missing a security-related patch. File: suse_kernel-6697.nasl - Type: ACT_GATHER_INFO |
2012-05-17 | Name: The remote SuSE 10 host is missing a security-related patch. File: suse_kernel-6730.nasl - Type: ACT_GATHER_INFO |
2011-03-17 | Name: The remote SuSE 11 host is missing one or more security updates. File: suse_11_kernel-100109.nasl - Type: ACT_GATHER_INFO |
2010-10-11 | Name: The remote SuSE 10 host is missing a security-related patch. File: suse_kernel-6694.nasl - Type: ACT_GATHER_INFO |
2010-06-01 | Name: The remote VMware ESXi / ESX host is missing one or more security-related pat... File: vmware_VMSA-2010-0009.nasl - Type: ACT_GATHER_INFO |
2010-03-03 | Name: The remote SuSE 11 host is missing one or more security updates. File: suse_11_kernel-100223.nasl - Type: ACT_GATHER_INFO |
2010-03-03 | Name: The remote openSUSE host is missing a security update. File: suse_11_1_kernel-100223.nasl - Type: ACT_GATHER_INFO |
2010-02-24 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-1996.nasl - Type: ACT_GATHER_INFO |
2010-02-16 | Name: The remote openSUSE host is missing a security update. File: suse_11_0_kernel-100203.nasl - Type: ACT_GATHER_INFO |
2010-02-09 | Name: The remote openSUSE host is missing a security update. File: suse_11_2_kernel-100128.nasl - Type: ACT_GATHER_INFO |