Vulnerability Details CVE-2023-3527
A CSV injection vulnerability was found in the Avaya Call Management System (CMS) Supervisor web application which allows a user with administrative privileges to input crafted data which, when exported to a CSV file, may attempt arbitrary command execution on the system used to open the file by a spreadsheet software
such as Microsoft Excel.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 23.4%
CVSS Severity
CVSS v3 Score 6.8
References
Products affected by CVE-2023-3527
-
cpe:2.3:a:avaya:call_management_system:-
-
cpe:2.3:a:avaya:call_management_system:17.0
-
cpe:2.3:a:avaya:call_management_system:18.0.0.1
-
cpe:2.3:a:avaya:call_management_system:18.0.0.2
-
cpe:2.3:a:avaya:call_management_system:19.2.0.7
-
cpe:2.3:a:avaya:call_management_system:20.0