Browse all 47 CVE security advisories affecting Avaya. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Avaya operates primarily as a provider of enterprise communication solutions, including unified communications, contact center software, and networking hardware. The vendor’s portfolio has historically been associated with a significant volume of security flaws, currently totaling 47 recorded Common Vulnerabilities and Exposures (CVEs). These vulnerabilities predominantly involve remote code execution, cross-site scripting, and privilege escalation issues, often stemming from inadequate input validation or improper access controls within web interfaces and administrative panels. Notable incidents include critical flaws in IP Office and Session Manager products that allowed unauthenticated attackers to gain system-level access or execute arbitrary commands. The high count of CVEs reflects a pattern of legacy code vulnerabilities and delayed patch cycles for older on-premise deployments. Security researchers emphasize the necessity of rigorous network segmentation and immediate application of vendor-provided patches to mitigate the risk of exploitation in these communication infrastructure components.
This page lists every published CVE security advisory associated with Avaya. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.