CVE-2008-3777

Avaya SIP Enablement Services 5.0 - Info Disclosure

Title source: llm
STIX 2.1

Description

The SIP Enablement Services (SES) Server in Avaya SIP Enablement Services 5.0, and Communication Manager (CM) 5.0 on the S8300C with SES enabled, writes account names and passwords to the (1) alarm and (2) system logs during failed login attempts, which allows local users to obtain login credentials by reading these logs.

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/30758
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/44586

Scores

EPSS 0.0030
EPSS Percentile 21.5%

Details

CWE
CWE-200
Status published
Products (2)
avaya/communication_manager 5.0
avaya/sip_enablement_services 5.0
Published Aug 25, 2008
Tracked Since Feb 18, 2026