{
   "CVE_data_meta": {
      "ASSIGNER": "securityalerts@avaya.com",
      "DATE_PUBLIC": "2020-08-07T06:00:00.000Z",
      "ID": "CVE-2019-7005",
      "STATE": "PUBLIC",
      "TITLE": "Unauthenticated Information Disclosure Vulnerability in IP Office"
   },
   "affects": {
      "vendor": {
         "vendor_data": [
            {
               "product": {
                  "product_data": [
                     {
                        "product_name": "IP Office",
                        "version": {
                           "version_data": [
                              {
                                 "affected": "<=",
                                 "version_name": "10.0",
                                 "version_value": "10.1.0.7"
                              },
                              {
                                 "affected": "<=",
                                 "version_name": "11.0",
                                 "version_value": "11.0.4.2"
                              }
                           ]
                        }
                     }
                  ]
               },
               "vendor_name": "Avaya"
            }
         ]
      }
   },
   "data_format": "MITRE",
   "data_type": "CVE",
   "data_version": "4.0",
   "description": {
      "description_data": [
         {
            "lang": "eng",
            "value": "A vulnerability was discovered in the web interface component of IP Office that may potentially allow a remote, unauthenticated user with network access to gain sensitive information. Affected versions of IP Office include: 9.x, 10.0 through 10.1.0.7 and 11.0 through 11.0.4.2."
         }
      ]
   },
   "impact": {
      "cvss": {
         "attackComplexity": "HIGH",
         "attackVector": "NETWORK",
         "availabilityImpact": "NONE",
         "baseScore": 5.9,
         "baseSeverity": "MEDIUM",
         "confidentialityImpact": "HIGH",
         "integrityImpact": "NONE",
         "privilegesRequired": "NONE",
         "scope": "UNCHANGED",
         "userInteraction": "NONE",
         "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
         "version": "3.1"
      }
   },
   "problemtype": {
      "problemtype_data": [
         {
            "description": [
               {
                  "lang": "eng",
                  "value": "CWE-200: Information Exposure"
               }
            ]
         }
      ]
   },
   "references": {
      "reference_data": [
         {
            "name": "https://downloads.avaya.com/css/P8/documents/101070158",
            "refsource": "CONFIRM",
            "url": "https://downloads.avaya.com/css/P8/documents/101070158"
         }
      ]
   },
   "source": {
      "advisory": "ASA-2020-009"
   }
}
