Every CVE whose affected-product data names Avaya Ip Office, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (9)
CVE-2024-4196 — CVSS 10.0 (critical): An improper input validation vulnerability was discovered in Avaya IP Office that could allow remote command or code execution via a…
CVE-2024-4197 — CVSS 9.9 (critical): An unrestricted file upload vulnerability in Avaya IP Office was discovered that could allow remote command or code execution via the One-X…
CVE-2017-11309 — CVSS 9.6 (critical): Buffer overflow in the SoftConsole client in Avaya IP Office before 10.1.1 allows remote servers to execute arbitrary code via a long…
CVE-2021-25657 — CVSS 7.8 (high): A privilege escalation vulnerability was discovered in Avaya IP Office Admin Lite and USB Creator that may potentially allow a local user…
CVE-2019-7005 — CVSS 7.5 (high): A vulnerability was discovered in the web interface component of IP Office that may potentially allow a remote, unauthenticated user with…
CVE-2016-5285 — CVSS 7.5 (high): A Null pointer dereference vulnerability exists in Mozilla Network Security Services due to a missing NULL check in PK11_SignWithSymKey /…
CVE-2018-15610 — CVSS 7.3 (high): A vulnerability in the one-X Portal component of Avaya IP Office allows an authenticated attacker to read and delete arbitrary files on the…
CVE-2018-15614 — CVSS 6.8 (medium): A vulnerability in the one-x Portal component of IP Office could allow an authenticated user to perform stored cross site scripting attacks…
CVE-2020-7030 — CVSS 5.5 (medium): A sensitive information disclosure vulnerability was discovered in the web interface component of IP Office that may potentially allow a…