Merge pull request #1839 from AvayaCNA/Avaya_ASA-2019-058

Initial CVE submission for ASA-2019-058
2025-05-06 18:53:08 +00:00 · 2019-04-04 11:56:39 -04:00 · 2019-04-04 11:56:39 -04:00 · cf7cfd27c0
commit cf7cfd27c0
parent 88e7203432 fd861f72eb
1 changed files with 92 additions and 15 deletions
--- a/2019/7xxx/CVE-2019-7001.json
+++ b/2019/7xxx/CVE-2019-7001.json
@ -1,8 +1,45 @@
 {
   "CVE_data_meta": {
-        "ASSIGNER": "cve@mitre.org",
+      "ASSIGNER": "securityalerts@avaya.com",
+      "DATE_PUBLIC": "2019-04-04T00:00:00.000Z",
      "ID": "CVE-2019-7001",
-        "STATE": "RESERVED"
+      "STATE": "PUBLIC",
+      "TITLE": "Avaya IPOCC WebUI SQL Injection"
+   },
+   "affects": {
+      "vendor": {
+         "vendor_data": [
+            {
+               "product": {
+                  "product_data": [
+                     {
+                        "product_name": "IP Office Contact Center",
+                        "version": {
+                           "version_data": [
+                              {
+                                 "affected": "=",
+                                 "version_name": "10.0.x",
+                                 "version_value": "10.x"
+                              },
+                              {
+                                 "affected": "<",
+                                 "version_name": "10.1.x",
+                                 "version_value": "10.1.2.2.2-11201.1908"
+                              },
+                              {
+                                 "affected": "=",
+                                 "version_name": "9.x",
+                                 "version_value": "9.x"
+                              }
+                           ]
+                        }
+                     }
+                  ]
+               },
+               "vendor_name": "Avaya"
+            }
+         ]
+      }
   },
   "data_format": "MITRE",
   "data_type": "CVE",
@ -11,8 +48,48 @@
      "description_data": [
         {
            "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+            "value": "A SQL injection vulnerability in the WebUI component of IP Office Contact Center could allow an authenticated attacker to retrieve or alter sensitive data related to other users on the system. Affected versions of IP Office Contact Center include all 9.x and 10.x versions prior to 10.1.2.2.2-11201.1908. Unsupported versions not listed here were not evaluated."
+         }
+      ]
+   },
+   "impact": {
+      "cvss": {
+         "attackComplexity": "LOW",
+         "attackVector": "NETWORK",
+         "availabilityImpact": "HIGH",
+         "baseScore": 9.9,
+         "baseSeverity": "CRITICAL",
+         "confidentialityImpact": "HIGH",
+         "integrityImpact": "HIGH",
+         "privilegesRequired": "LOW",
+         "scope": "CHANGED",
+         "userInteraction": "NONE",
+         "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
+         "version": "3.0"
+      }
+   },
+   "problemtype": {
+      "problemtype_data": [
+         {
+            "description": [
+               {
+                  "lang": "eng",
+                  "value": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"
               }
            ]
         }
+      ]
+   },
+   "references": {
+      "reference_data": [
+         {
+            "name": "https://downloads.avaya.com/css/P8/documents/101056762",
+            "refsource": "CONFIRM",
+            "url": "https://downloads.avaya.com/css/P8/documents/101056762"
+         }
+      ]
+   },
+   "source": {
+      "advisory": "ASA-2019-058"
+   }
 }