Call Management System CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (6 CVEs found)

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-1041	1 Avaya	1 Call Management System	2025-07-30	9.9 Critical
An improper input validation discovered in Avaya Call Management System could allow an unauthorized remote command via a specially crafted web request. Affected versions include 18.x, 19.x prior to 19.2.0.7, and 20.x prior to 20.0.1.0.
CVE-2004-0800	2 Avaya, Sun	4 Call Management System Server, Dtmail, Solaris and 1 more	2025-04-03	N/A
Format string vulnerability in CDE Mailer (dtmail) on Solaris 8 and 9 allows local users to gain privileges via format strings in the argv[0] value.
CVE-2004-1307	11 Apple, Avaya, Conectiva and 8 more	20 Mac Os X, Mac Os X Server, Call Management System Server and 17 more	2025-04-03	N/A
Integer overflow in the TIFFFetchStripThing function in tif_dirread.c for libtiff 3.6.1 allows remote attackers to execute arbitrary code via a TIFF file with the STRIPOFFSETS flag and a large number of strips, which causes a zero byte buffer to be allocated and leads to a heap-based buffer overflow.
CVE-2023-3527	1 Avaya	1 Call Management System	2024-11-21	6.8 Medium
A CSV injection vulnerability was found in the Avaya Call Management System (CMS) Supervisor web application which allows a user with administrative privileges to input crafted data which, when exported to a CSV file, may attempt arbitrary command execution on the system used to open the file by a spreadsheet software such as Microsoft Excel.
CVE-2018-15615	1 Avaya	1 Call Management System Supervisor	2024-11-21	N/A
A vulnerability in the Supervisor component of Avaya Call Management System allows local administrative user to extract sensitive information from users connecting to a remote CMS host. Affected versions of CMS Supervisor include R17.0.x and R18.0.x.
CVE-2016-5285	5 Avaya, Debian, Mozilla and 2 more	32 Aura Application Enablement Services, Aura Application Server 5300, Aura Communication Manager and 29 more	2024-11-21	7.5 High
A Null pointer dereference vulnerability exists in Mozilla Network Security Services due to a missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, which could let a remote malicious user cause a Denial of Service.

Page 1 of 1.