CVE-2018-15612

HIGH

Avaya Aura Orchestration Designer < 7.2.1 - Cross-Site Request Forgery in Runtime Config

Title source: llm
STIX 2.1

Description

A CSRF vulnerability in the Runtime Config component of Avaya Aura Orchestration Designer could allow an attacker to add, change, or remove administrative settings. Affected versions of Avaya Aura Orchestration Designer include all versions up to 7.2.1.

References (1)

Core 1
Core References
Patch, Vendor Advisory x_refsource_confirm
https://downloads.avaya.com/css/P8/documents/101052293

Scores

CVSS v3 8.3
EPSS 0.0039
EPSS Percentile 31.1%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

Details

CWE
CWE-352
Status published
Products (1)
avaya/orchestration_designer < 7.2.1
Published Sep 21, 2018
Tracked Since Feb 18, 2026