CVE-2018-15616

CRITICAL

Avaya Aura System Platform < 6.3.9 - Insecure Deserialization

Title source: rule

Description

A vulnerability in the Web UI component of Avaya Aura System Platform could allow a remote, unauthenticated user to perform a targeted deserialization attack that could result in remote code execution. Affected versions of System Platform includes 6.3.0 through 6.3.9 and 6.4.0 through 6.4.2.

References (1)

[Exploit, Vendor Advisory] https://downloads.avaya.com/css/P8/documents/101052865

Scores

CVSS v3 9.0

EPSS 0.0369

EPSS Percentile 87.8%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Classification

CWE

CWE-502

Status published

Affected Products (1)

avaya/avaya_aura_system_platform < 6.3.9

Timeline

Published Oct 17, 2018

Tracked Since Feb 18, 2026