SQL Injection | |||
Severity: Critical | CVSS Score: 9.8 | CWE-ID: CWE-89, CWE-94, CWE-116 | Status: Not Fixed |
Vulnerability Description | |||
The web application running on Avaya IP Office Contact Center is affected by SQL Injection affecting Version: 10.1.2.1 Build 9400 and probably prior versions. An SQL injection occurs when a value originating from the client's request is used within a SQL query without proper sanitisation. This could allow attackers to execute arbitrary SQL code and steal data or use the additional functionality of the database server to take control of more server components. | |||
CVSS Base Score | |||
Attack Vector | Network | Scope | Unchanged |
Attack Complexity | Low | Confidentiality Impact | High |
Privileges Required | None | Integrity Impact | High |
User Interaction | None | Availability Impact | High |
Full details about the vulnerability will be disclosed once the vendor has provided a patch.