Known Vulnerabilities
CVE-2024-4197
An unrestricted file upload vulnerability in Avaya IP Office was discovered that could allow remote command or code execution via the One-X component. Affected versions include all versions prior to 11.1.3.1.
CRITICAL
CVSS 9.9
Published Jun 25, 2024
CVE-2024-4196
An improper input validation vulnerability was discovered in Avaya IP Office that could allow remote command or code execution via a specially crafted web request to the Web Control component. Affected versions include all versions prior to 11.1.3.1.
CRITICAL
CVSS 10.0
Published Jun 25, 2024