CVE-2025-49186

Medium CVSS: 5.3

The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it susceptible to brute-force attacks.

Vendor

Avaya

Product

Media Server

CWE

CWE-307

Yayın Tarihi

2025-06-12 14:15:31

Güncelleme

2026-02-03 14:39:11

Source Identifier

psirt@sick.de

KEV Date Added

Kategoriler

CWE-307 Media Server MEDIUM Avaya 2025

Referanslar

https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF https://sick.com/psirt https://www.cisa.gov/resources-tools/resources/ics-recommended-practices https://www.first.org/cvss/calculator/3.1 https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.json https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.pdf

Benzer Kayıtlar

Critical

CVE-2025-1041

An improper input validation discovered in Avaya Call Management System could allow an unauthorized remote command v…

High

CVE-2024-12755

A Cross-Site Scripting (XSS) vulnerability in Avaya Spaces may have allowed unauthorized code execution and potential di…

High

CVE-2024-12756

An HTML Injection vulnerability in Avaya Spaces may have allowed disclosure of sensitive information or modification of…