CVE-2024-7477

MEDIUM

Avaya Aura System Manager 10.1.x.x-10.2.x.x - Authenticated SQL Injection via CLI

Title source: llm
STIX 2.1

Description

A SQL injection vulnerability was found which could allow a command line interface (CLI) user with administrative privileges to execute arbitrary queries against the Avaya Aura System Manager database.  Affected versions include 10.1.x.x and 10.2.x.x. Versions prior to 10.1 are end of manufacturer support.

References (1)

Core 1

Scores

CVSS v3 6.5
EPSS 0.0019
EPSS Percentile 8.6%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-89
Status published
Products (2)
avaya/aura_system_manager 10.2
avaya/aura_system_manager 10.1 - 10.1.2
Published Aug 08, 2024
Tracked Since Feb 18, 2026