QwikSec

Security Database

CVE

CWE

Training

CVE-2008-6573

Published: Apr 1, 2009

Modified: Aug 7, 2024

PUBLISHED

Description

Multiple SQL injection vulnerabilities in Avaya SIP Enablement Services (SES) in Avaya Avaya Communication Manager 3.x, 4.0, and 5.0 (1) allow remote attackers to execute arbitrary SQL commands via unspecified vectors related to profiles in the SIP Personal Information Manager (SPIM) in the web interface; and allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to (2) permissions for SPIM profiles in the web interface and (3) a crafted SIP request to the SIP server.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://www.voipshield.com/research-details.php?id=25

x_refsource_MISC

http://www.voipshield.com/research-details.php?id=26

x_refsource_MISC

http://www.voipshield.com/research-details.php?id=22

x_refsource_MISC

http://support.avaya.com/elmodocs2/security/ASA-2008-151.htm

x_refsource_CONFIRM

vdb-entry

x_refsource_OSVDB

avaya-ses-sip-sql-injection(41733)

vdb-entry

x_refsource_XF

vdb-entry

x_refsource_BID

avaya-ses-spim-sql-injection(41730)

vdb-entry

x_refsource_XF

vdb-entry

x_refsource_OSVDB

vdb-entry

x_refsource_OSVDB

http://support.avaya.com/elmodocs2/security/ASA-2008-150.htm

x_refsource_CONFIRM

third-party-advisory

x_refsource_SECUNIA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.