System Manager in Avaya Aura before 7.1.2 does not properly use SSL in conjunction with authentication, which allows remote attackers to bypass intended Remote Method Invocation (RMI) restrictions, aka SMGR-26896.
The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.
Link | Tags |
---|---|
http://www.securitytracker.com/id/1040329 | vdb entry third party advisory |
https://downloads.avaya.com/css/P8/documents/101038598 | vendor advisory |
http://www.securityfocus.com/bid/102940 | vdb entry third party advisory |