CVE-2018-15616

Summary

A vulnerability in the Web UI component of Avaya Aura System Platform could allow a remote, unauthenticated user to perform a targeted deserialization attack that could result in remote code execution. Affected versions of System Platform includes 6.3.0 through 6.3.9 and 6.4.0 through 6.4.2.

Affected Software

VendorProductVersion RangeStatus
AvayaAvaya Aura® System Platform6.3.x <= 6.3.9affected
AvayaAvaya Aura® System Platform6.4.x <= 6.4.2affected

Weaknesses

  • CWE-502: CWE-502: Deserialization of Untrusted Data

ADP Enrichment

CVE Program Container

Additional References

References