avaya

aura_device_services

2 known vulnerabilities · sorted by CVSS score

CVE-2023-3722

An OS command injection vulnerability was found in the Avaya Aura Device Services Web application which could allow remote code execution as the Web server user via a malicious uploaded file. This issue affects Avaya Aura Device Services version 8.1.4.0 and earlier.

avaya / aura_device_services

Network

Published Jul 19, 2023

CVE-2021-25654

MEDIUM6.2

An arbitrary code execution vulnerability was discovered in Avaya Aura Device Services that may potentially allow a local user to execute specially crafted scripts. Affects 7.0 through 8.1.4.0 versions of Avaya Aura Device Services.

avaya / aura_device_services

Network

Published Jun 25, 2021