CVE-2008-3081

CWE-20 — Improper Input Validation4 documents4 sources

Severity

6.5MEDIUM

EPSS

0.7%

top 27.79%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Avaya Messaging Storage Server

Timeline

PublishedJul 9

Latest updateMay 1

Description

Multiple unspecified "input validation" vulnerabilities in the Web management interface (aka Messaging Administration interface) in Avaya Message Storage Server (MSS) 3.x and 4.0, and possibly Communication Manager 3.1.x, allow remote authenticated administrators to execute arbitrary commands as user vexvm via vectors related to (1) SFTP Remote Store configuration; (2) remote FTP storage settings; (3) name server lookup; (4) pinging another host; (5) TCP/IP Networking parameter configuration; (6…

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 8.0 | Impact: 6.4

Affected Packages1 packages

▶NVDavaya/messaging_storage_server3, 3.1, 4.0+2

🔴Vulnerability Details

GHSA

GHSA-q4cf-5q7c-rjwq: Multiple unspecified "input validation" vulnerabilities in the Web management interface (aka Messaging Administration interface) in Avaya Message Stor↗2022-05-01

▶

CVEList

CVE-2008-3081: Multiple unspecified "input validation" vulnerabilities in the Web management interface (aka Messaging Administration interface) in Avaya Message Stor↗2008-07-09

▶