CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2023-3527

A CSV injection vulnerability was found in the Avaya Call Management System (CMS) Supervisor web application which allows a user with administrative privileges to input crafted data which, when exported to a CSV file, may attempt arbitrary command execution on the system used to open the file by a spreadsheet software such as Microsoft Excel.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 23.7%

CVSS Severity

CVSS v3 Score 6.8

References

https://download.avaya.com/css/public/documents/101086364
https://download.avaya.com/css/public/documents/101086364

Products affected by CVE-2023-3527

Avaya » Call Management System » Version: N/A

cpe:2.3:a:avaya:call_management_system:-
Avaya » Call Management System » Version: 17.0

cpe:2.3:a:avaya:call_management_system:17.0
Avaya » Call Management System » Version: 18.0.0.1

cpe:2.3:a:avaya:call_management_system:18.0.0.1
Avaya » Call Management System » Version: 18.0.0.2

cpe:2.3:a:avaya:call_management_system:18.0.0.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-3527

Products

Pricing

Contact Us