CVE-2020-7036
HIGHAvaya Callback Assist 4.0.0-4.7.1.1 - Authenticated XML External Entity Injection
Title source: llmDescription
An XML External Entities (XXE)vulnerability in Callback Assist could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system. The affected versions of Callback Assist includes all 4.0.x versions before 4.7.1.1 Patch 7.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://downloads.avaya.com/css/P8/documents/101075450
Scores
CVSS v3
8.1
EPSS
0.0098
EPSS Percentile
57.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Details
CWE
CWE-611
Status
published
Products (2)
avaya/callback_assist
4.7.1.1 (7 CPE variants)
avaya/callback_assist
4.0.0 - 4.7.1.1
Published
Apr 23, 2021
Tracked Since
Feb 18, 2026