Initial CVE-2020-7033 Publication

2025-08-04 08:44:25 +00:00 · 2020-11-12 16:48:38 -07:00 · 2020-11-12 16:48:38 -07:00 · 269b81f4cc
commit 269b81f4cc
parent 4c84fb5e54
1 changed files with 82 additions and 15 deletions
--- a/2020/7xxx/CVE-2020-7033.json
+++ b/2020/7xxx/CVE-2020-7033.json
@ -1,18 +1,85 @@
 {
-    "data_type": "CVE",
-    "data_format": "MITRE",
-    "data_version": "4.0",
-    "CVE_data_meta": {
-        "ID": "CVE-2020-7033",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
-    },
-    "description": {
-        "description_data": [
+   "CVE_data_meta": {
+      "ASSIGNER": "securityalerts@avaya.com",
+      "DATE_PUBLIC": "2020-11-10T05:00:00.000Z",
+      "ID": "CVE-2020-7033",
+      "STATE": "PUBLIC",
+      "TITLE": "Avaya Equinox Conferencing XSS"
+   },
+   "affects": {
+      "vendor": {
+         "vendor_data": [
            {
-                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+               "product": {
+                  "product_data": [
+                     {
+                        "product_name": "Avaya Equinox Conferencing",
+                        "version": {
+                           "version_data": [
+                              {
+                                 "affected": "<",
+                                 "version_name": "9.x",
+                                 "version_value": "9.1.10"
+                              }
+                           ]
+                        }
+                     }
+                  ]
+               },
+               "vendor_name": "Avaya"
            }
-        ]
-    }
-}
+         ]
+      }
+   },
+   "data_format": "MITRE",
+   "data_type": "CVE",
+   "data_version": "4.0",
+   "description": {
+      "description_data": [
+         {
+            "lang": "eng",
+            "value": "A Cross Site Scripting (XSS) Vulnerability on the Unified Portal Client (web client) used in Avaya Equinox Conferencing can allow an authenticated user to perform XSS attacks. The affected versions of Equinox Conferencing includes all 9.x versions before 9.1.10."
+         }
+      ]
+   },
+   "impact": {
+      "cvss": {
+         "attackComplexity": "LOW",
+         "attackVector": "NETWORK",
+         "availabilityImpact": "NONE",
+         "baseScore": 6.3,
+         "baseSeverity": "MEDIUM",
+         "confidentialityImpact": "HIGH",
+         "integrityImpact": "LOW",
+         "privilegesRequired": "LOW",
+         "scope": "UNCHANGED",
+         "userInteraction": "REQUIRED",
+         "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N",
+         "version": "3.1"
+      }
+   },
+   "problemtype": {
+      "problemtype_data": [
+         {
+            "description": [
+               {
+                  "lang": "eng",
+                  "value": "CWE-79 - Improper Neutralization of Input During Web Page Generation"
+               }
+            ]
+         }
+      ]
+   },
+   "references": {
+      "reference_data": [
+         {
+            "name": "https://downloads.avaya.com/css/P8/documents/101072147",
+            "refsource": "CONFIRM",
+            "url": "https://downloads.avaya.com/css/P8/documents/101072147"
+         }
+      ]
+   },
+   "source": {
+      "advisory": "ASA-2020-152"
+   }
+}