admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity
cvelist/2018/15xxx/CVE-2018-15613.json
CVE Team c8bb70aaed
"-Synchronized-Data."
2019-03-18 03:33:44 +00:00

82 lines
2.7 KiB
JSON
Raw Blame History

{
"CVE_data_meta": {
"ASSIGNER": "securityalerts@avaya.com",
"ID": "CVE-2018-15613",
"STATE": "PUBLIC",
"TITLE": "Orchestration Designer Runtime Config XSS"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Orchestration Designer",
"version": {
"version_data": [
{
"version_value": "All versions up to 7.2.1"
}
]
}
}
]
},
"vendor_name": "Avaya"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A cross-site scripting (XSS) vulnerability in the Runtime Config component of Avaya Aura Orchestration Designer could result in malicious content being returned to the user. Affected versions of Avaya Aura Orchestration Designer include all versions up to 7.2.1."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://downloads.avaya.com/css/P8/documents/101052293",
"refsource": "CONFIRM",
"url": "https://downloads.avaya.com/css/P8/documents/101052293"
}
]
},
"source": {
"advisory": "ASA-2018-278"
}
}
Reference in New Issue View Git Blame Copy Permalink