CVE-2020-7035

HIGH

Avaya Aura Orchestration Designer 7.0-7.2.2 - Authenticated XML External Entity Injection

Title source: llm
STIX 2.1

Description

An XML External Entities (XXE)vulnerability in the web-based user interface of Avaya Aura Orchestration Designer could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system. The affected versions of Orchestration Designer includes all 7.x versions before 7.2.3.

References (1)

Core 1
Core References
Vendor Advisory x_refsource_confirm
https://downloads.avaya.com/css/P8/documents/101075450

Scores

CVSS v3 8.1
EPSS 0.0107
EPSS Percentile 60.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Details

CWE
CWE-611
Status published
Products (1)
avaya/aura_orchestration_designer 7.0 - 7.2.2
Published Apr 23, 2021
Tracked Since Feb 18, 2026