CVE-2018-15616

CRITICAL

Avaya Aura System Platform 6.3.0-6.3.9/6.4.0-6.4.2 - Remote Code Execution via Deserialization

Title source: llm
STIX 2.1

Description

A vulnerability in the Web UI component of Avaya Aura System Platform could allow a remote, unauthenticated user to perform a targeted deserialization attack that could result in remote code execution. Affected versions of System Platform includes 6.3.0 through 6.3.9 and 6.4.0 through 6.4.2.

References (1)

Core 1
Core References
Exploit, Vendor Advisory x_refsource_confirm
https://downloads.avaya.com/css/P8/documents/101052865

Scores

CVSS v3 9.0
EPSS 0.0334
EPSS Percentile 87.1%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Details

CWE
CWE-502
Status published
Products (1)
avaya/avaya_aura_system_platform 6.3.0 - 6.3.9
Published Oct 17, 2018
Tracked Since Feb 18, 2026