CVE-2024-7477

MEDIUM

Avaya Aura System Manager < 10.1.2 - SQL Injection

Title source: rule

Description

A SQL injection vulnerability was found which could allow a command line interface (CLI) user with administrative privileges to execute arbitrary queries against the Avaya Aura System Manager database. Affected versions include 10.1.x.x and 10.2.x.x. Versions prior to 10.1 are end of manufacturer support.

References (1)

[Vendor Advisory] https://download.avaya.com/css/public/documents/101091159

Scores

CVSS v3 6.5

EPSS 0.0014

EPSS Percentile 33.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

Classification

CWE

CWE-89

Status published

Affected Products (2)

avaya/aura_system_manager < 10.1.2

avaya/aura_system_manager

Timeline

Published Aug 08, 2024

Tracked Since Feb 18, 2026