Vulnerability Details CVE-2020-7035
An XML External Entities (XXE)vulnerability in the web-based user interface of Avaya Aura Orchestration Designer could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system. The affected versions of Orchestration Designer includes all 7.x versions before 7.2.3.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 54.8%
CVSS Severity
CVSS v3 Score 8.1
CVSS v2 Score 4.0
References
Products affected by CVE-2020-7035
-
cpe:2.3:a:avaya:aura_orchestration_designer:7.0
-
cpe:2.3:a:avaya:aura_orchestration_designer:7.0.1
-
cpe:2.3:a:avaya:aura_orchestration_designer:7.1
-
cpe:2.3:a:avaya:aura_orchestration_designer:7.2
-
cpe:2.3:a:avaya:aura_orchestration_designer:7.2.1