CVE-2020-7037
HIGHAvaya Equinox Conferencing 9.0.0-9.1.10 - Authenticated XML External Entity Injection in Media Server
Title source: llmDescription
An XML External Entities (XXE) vulnerability in Media Server component of Avaya Equinox Conferencing could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system or even potentially lead to a denial of service. The affected versions of Avaya Equinox Conferencing includes all 9.x versions before 9.1.11. Equinox Conferencing is now offered as Avaya Meetings Server.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://support.avaya.com/css/P8/documents/101075574
Scores
CVSS v3
8.1
EPSS
0.0106
EPSS Percentile
60.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Details
CWE
CWE-611
Status
published
Products (1)
avaya/equinox_conferencing
9.0.0 - 9.1.11
Published
Apr 28, 2021
Tracked Since
Feb 18, 2026