CVE-2024-7477
CVSS 3.1 Score 6.7 of 10 (medium)
Details
Published Aug 8, 2024
Updated: Sep 11, 2024
CWE ID 89
Summary
CVE-2024-7477: A SQL injection vulnerability has been identified in the Avaya Aura System Manager. This issue enables a CLI user with administrative privileges to execute unauthorized database queries against the Avaya Aura System Manager database. Versions 10.1.x.x and 10.2.x.x are affected. It is important to note that versions prior to 10.1 have reached end-of-life support. This vulnerability poses a significant risk if exploited, and urgent patching is recommended for affected organizations.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Products
- Avaya Aura System Manager
Affected Vendors
- Avaya, Inc.