Security Advisory

CVE-2023-3527

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-07-18 21:10:36

Last updated 2024-10-21 14:36:19

Assigner avaya

State PUBLISHED

Description

A CSV injection vulnerability was found in the Avaya Call Management System (CMS) Supervisor web application which allows a user with administrative privileges to input crafted data which, when exported to a CSV file, may attempt arbitrary command execution on the system used to open the file by a spreadsheet software such as Microsoft Excel.

← Browse all CVEs View on cve.org ↗