CVE-2018-15610

Summary

A vulnerability in the one-X Portal component of Avaya IP Office allows an authenticated attacker to read and delete arbitrary files on the system. Affected versions of Avaya IP Office include 9.1 through 9.1 SP12, 10.0 through 10.0 SP7, and 10.1 through 10.1 SP2.

Affected Software

VendorProductVersion RangeStatus
AvayaIP Office9.1 through 9.1 SP12, 10.0 through 10.0 SP7, and 10.1 through 10.1 SP2affected

Weaknesses

  • CWE-284: CWE-284: Improper Access Control

ADP Enrichment

CVE Program Container

Additional References

References