Merge branch 'Avaya_ASA-2018-256' of https://github.com/AvayaCNA/cvelist

2025-08-04 08:44:25 +00:00 · 2018-09-12 16:10:23 -04:00 · 2018-09-12 16:10:23 -04:00 · 8b9c032878
commit 8b9c032878
parent d2dd760ab7 e4f68b8cde
1 changed files with 76 additions and 11 deletions
--- a/2018/15xxx/CVE-2018-15610.json
+++ b/2018/15xxx/CVE-2018-15610.json
@ -1,18 +1,83 @@
 {
-   "CVE_data_meta" : {
-      "ASSIGNER" : "cve@mitre.org",
-      "ID" : "CVE-2018-15610",
-      "STATE" : "RESERVED"
+   "CVE_data_meta": {
+      "ASSIGNER": "securityalerts@avaya.com",
+      "ID": "CVE-2018-15610",
+      "STATE": "PUBLIC",
+      "TITLE": "Improper access controls in IP Office one-X Portal"
   },
-   "data_format" : "MITRE",
-   "data_type" : "CVE",
-   "data_version" : "4.0",
-   "description" : {
-      "description_data" : [
+   "affects": {
+      "vendor": {
+         "vendor_data": [
+            {
+               "product": {
+                  "product_data": [
+                     {
+                        "product_name": "IP Office",
+                        "version": {
+                           "version_data": [
+                              {
+                                 "version_value": "9.1 through 9.1 SP12, 10.0 through 10.0 SP7, and 10.1 through 10.1 SP2"
+                              }
+                           ]
+                        }
+                     }
+                  ]
+               },
+               "vendor_name": "Avaya"
+            }
+         ]
+      }
+   },
+   "data_format": "MITRE",
+   "data_type": "CVE",
+   "data_version": "4.0",
+   "description": {
+      "description_data": [
         {
-            "lang" : "eng",
-            "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem.  When the candidate has been publicized, the details for this candidate will be provided."
+            "lang": "eng",
+            "value": "A  vulnerability in the one-X Portal component of Avaya IP Office allows an authenticated attacker to read and delete arbitrary files on the system.\nAffected versions of Avaya IP Office include 9.1 through 9.1 SP12, 10.0 through 10.0 SP7, and 10.1 through 10.1 SP2."
         }
      ]
+   },
+   "impact": {
+      "cvss": {
+         "attackComplexity": "LOW",
+         "attackVector": "NETWORK",
+         "availabilityImpact": "HIGH",
+         "baseScore": 7.3,
+         "baseSeverity": "HIGH",
+         "confidentialityImpact": "HIGH",
+         "integrityImpact": "NONE",
+         "privilegesRequired": "LOW",
+         "scope": "UNCHANGED",
+         "userInteraction": "REQUIRED",
+         "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H",
+         "version": "3.0"
+      }
+   },
+   "problemtype": {
+      "problemtype_data": [
+         {
+            "description": [
+               {
+                  "lang": "eng",
+                  "value": "CWE-284: Improper Access Control"
+               }
+            ]
+         }
+      ]
+   },
+   "references": {
+      "reference_data": [
+         {
+            "name": "https://downloads.avaya.com/css/P8/documents/101051984",
+            "refsource": "CONFIRM",
+            "url": "https://downloads.avaya.com/css/P8/documents/101051984"
+         }
+      ]
+   },
+   "source": {
+      "advisory": "ASA-2018-256",
+      "discovery": "EXTERNAL"
   }
 }