CVE-2018-15610

HIGH

Avaya IP Office 9.1-10.1 - Authenticated Arbitrary File Read/Delete via one-X Portal

Title source: llm
STIX 2.1

Description

A vulnerability in the one-X Portal component of Avaya IP Office allows an authenticated attacker to read and delete arbitrary files on the system. Affected versions of Avaya IP Office include 9.1 through 9.1 SP12, 10.0 through 10.0 SP7, and 10.1 through 10.1 SP2.

References (2)

Core 2

Scores

CVSS v3 7.3
EPSS 0.0185
EPSS Percentile 76.4%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H

Details

CWE
CWE-22 CWE-284
Status published
Products (3)
avaya/ip_office 9.1 (13 CPE variants)
avaya/ip_office 10.0 (8 CPE variants)
avaya/ip_office 10.1 (3 CPE variants)
Published Sep 12, 2018
Tracked Since Feb 18, 2026