SMGR-26896: SSL Authentication Bypass in Avaya Aura System Manager

CVE-2018-6635 · MEDIUM Severity

AV:N/AC:M/AU:S/C:P/I:P/A:P

System Manager in Avaya Aura before 7.1.2 does not properly use SSL in conjunction with authentication, which allows remote attackers to bypass intended Remote Method Invocation (RMI) restrictions, aka SMGR-26896.

Learn more about our Web Application Penetration Testing UK.