CVE-2018-15610

A vulnerability in the one-X Portal component of Avaya IP Office allows an authenticated attacker to read and delete arbitrary files on the system. Affected versions of Avaya IP Office include 9.1 through 9.1 SP12, 10.0 through 10.0 SP7, and 10.1 through 10.1 SP2.

Published: Sep 12, 2018
Updated: Apr 13, 2023
CVE: CVE-2018-15610
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 9
AV:N/AC:L/Au:S/C:C/I:C/A:C

CWEs:

CWE-22

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
avaya / ip_office	9.1-sp1	9.1-sp1.x
avaya / ip_office	9.1-sp2	9.1-sp2.x
avaya / ip_office	9.1-sp3	9.1-sp3.x
avaya / ip_office	9.1-sp4	9.1-sp4.x
avaya / ip_office	9.1-sp5	9.1-sp5.x
avaya / ip_office	9.1-sp6	9.1-sp6.x
avaya / ip_office	9.1-sp7	9.1-sp7.x
avaya / ip_office	9.1-sp8	9.1-sp8.x
avaya / ip_office	9.1-sp9	9.1-sp9.x
avaya / ip_office	9.1-sp10	9.1-sp10.x
avaya / ip_office	9.1-sp11	9.1-sp11.x
avaya / ip_office	9.1-sp12	9.1-sp12.x
avaya / ip_office	9.1	9.1.x
avaya / ip_office	10.1-sp1	10.1-sp1.x
avaya / ip_office	10.1-sp2	10.1-sp2.x
avaya / ip_office	10.1	10.1.x
avaya / ip_office	10.0-sp1	10.0-sp1.x
avaya / ip_office	10.0-sp2	10.0-sp2.x
avaya / ip_office	10.0-sp3	10.0-sp3.x
avaya / ip_office	10.0-sp4	10.0-sp4.x
avaya / ip_office	10.0-sp5	10.0-sp5.x
avaya / ip_office	10.0-sp6	10.0-sp6.x
avaya / ip_office	10.0-sp7	10.0-sp7.x
avaya / ip_office	10.0	10.0.x

Vulnerability Database

289,697

CVE-2018-15610