CVE-2024-7477

CVSS 3.1 Score 6.7 of 10 (medium)

Details

Published Aug 8, 2024
Updated: Sep 11, 2024
CWE ID 89

Summary

CVE-2024-7477: A SQL injection vulnerability has been identified in the Avaya Aura System Manager. This issue enables a CLI user with administrative privileges to execute unauthorized database queries against the Avaya Aura System Manager database. Versions 10.1.x.x and 10.2.x.x are affected. It is important to note that versions prior to 10.1 have reached end-of-life support. This vulnerability poses a significant risk if exploited, and urgent patching is recommended for affected organizations.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

  • Avaya Aura System Manager

Affected Vendors

  • Avaya, Inc.