Vulnerabilities impacting supported product versions are listed in the following table as reported by Red Hat, Apache Tomcat and PostgreSQL security advisories. Refer to the Avaya Product Life Cycle Policy for information about supported product versions.
The severity is determined by the highest Common Vulnerability Scoring System (CVSS) score of the Common Vulnerabilities and Exposures (CVE) IDs listed in a vendor's security advisory. Refer to the Common Vulnerability Scoring System: Specification Document for additional information about CVSS score calculations.
Products listed in the Affected Products column have affected software installed as reported in the vendor security advisory.
The following links point to product security fix downloads. The Related Documents area on these pages provide a link to a product documentation which should contain specific details about security fixes. If a product/version does not exist in the below references, refer to the Avaya Support Portal. Search for Documents and/or Downloads using the Product Support drop down menu.
NOTE: Security Service Packs (SSP) MUST not be installed on software-only products.
An Avaya system product includes an Avaya provided operating system.
| Vendor Security Advisory | CVE(s) | Severity | Affected Product(s) |
|---|
git security update (RHSA-2025:11534)
(Issued: 2025-07-23) | CVE-2024-50349
CVE-2024-52006
CVE-2025-27613
CVE-2025-27614
CVE-2025-46835
CVE-2025-48384
CVE-2025-48385
| High | - Avaya Aura® Device Services: 10.x,
Resolution: Pending
|
kernel security update (RHSA-2025:11455)
(Issued: 2025-07-21) | CVE-2024-50154
CVE-2025-38086
| High | - Avaya Aura® Application Enablement Services: 10.x,
Resolution: Pending - Avaya Aura® CMS: R21.x, R20.x,
Resolution: Pending - Avaya Aura® Communication Manager: 10.x,
Resolution: Pending - Avaya Aura® Device Services: 10.x,
Resolution: Pending - Avaya Aura® Experience Portal: 8.x,
Resolution: Pending - Avaya Aura® Session Border Controller for Enterprise: 10.x,
Resolution: Pending - Avaya Aura® Session Manager: 10.x,
Resolution: Pending - Avaya Aura® System Manager: 10.x,
Resolution: Pending
|
java-1.8.0-openjdk security update (RHSA-2025:10862)
(Issued: 2025-07-18) | CVE-2025-30749
CVE-2025-30754
CVE-2025-30761
CVE-2025-50106
| High | - Avaya Aura® Application Enablement Services: 10.x,
Resolution: Pending - Avaya Aura® Device Services: 10.x,
Resolution: Pending - Avaya Aura® Experience Portal: 8.x,
Resolution: Pending - Avaya Aura® Session Border Controller for Enterprise: 10.x,
Resolution: Pending - Avaya Aura® Session Manager: 10.x,
Resolution: Pending - Avaya Aura® System Manager: 10.x,
Resolution: Pending
|
kernel security update (RHSA-2025:11298)
(Issued: 2025-07-16) | CVE-2022-49058
CVE-2022-49788
CVE-2024-57980
CVE-2024-58002
CVE-2025-21991
CVE-2025-22004
CVE-2025-23150
CVE-2025-37738
| High | - Avaya Aura® Application Enablement Services: 10.x,
Resolution: Pending - Avaya Aura® CMS: R21.x, R20.x,
Resolution: Pending - Avaya Aura® Communication Manager: 10.x,
Resolution: Pending - Avaya Aura® Device Services: 10.x,
Resolution: Pending - Avaya Aura® Experience Portal: 8.x,
Resolution: Pending - Avaya Aura® Session Border Controller for Enterprise: 10.x,
Resolution: Pending - Avaya Aura® Session Manager: 10.x,
Resolution: Pending - Avaya Aura® System Manager: 10.x,
Resolution: Pending
|
lz4 security update (RHSA-2025:11035)
(Issued: 2025-07-15) | CVE-2019-17543
| High | - Avaya Aura® Application Enablement Services: 10.x,
Resolution: Pending - Avaya Aura® CMS: R21.x, R20.x,
Resolution: Pending - Avaya Aura® Communication Manager: 10.x,
Resolution: Pending - Avaya Aura® Device Services: 10.x,
Resolution: Pending - Avaya Aura® Experience Portal: 8.x,
Resolution: Pending - Avaya Aura® Session Border Controller for Enterprise: 10.x,
Resolution: Pending - Avaya Aura® Session Manager: 10.x,
Resolution: Pending - Avaya Aura® System Manager: 10.x,
Resolution: Pending
|
emacs security update (RHSA-2025:11030)
(Issued: 2025-07-15) | CVE-2024-53920
| High | - Avaya CMS: R21.x, R20.x,
Resolution: Pending - Avaya Communication Manager: 10.x,
Resolution: Pending - Avaya Device Services: 10.x,
Resolution: Pending - Avaya Experience Portal: 8.x,
Resolution: Pending - Avaya Session Border Controller for Enterprise: 10.x,
Resolution: Pending - Avaya System Manager: 10.x,
Resolution: Pending
|
python-setuptools security update (RHSA-2025:11036)
(Issued: 2025-07-15) | CVE-2025-47273
| High | - Avaya Aura® Application Enablement Services: 10.x,
Resolution: Pending - Avaya Aura® CMS: R21.x, R20.x,
Resolution: Pending - Avaya Aura® Communication Manager: 10.x,
Resolution: Pending - Avaya Aura® Device Services: 10.x,
Resolution: Pending - Avaya Aura® Experience Portal: 8.x,
Resolution: Pending - Avaya Aura® Session Border Controller for Enterprise: 10.x,
Resolution: Pending - Avaya Aura® Session Manager: 10.x,
Resolution: Pending - Avaya Aura® System Manager: 10.x,
Resolution: Pending
|
libxml2 security update (RHSA-2025:10698)
(Issued: 2025-07-09) | CVE-2025-6021
CVE-2025-49794
CVE-2025-49796
| Critical | - Avaya Aura® Application Enablement Services: 10.x,
Resolution: Pending - Avaya Aura® CMS: R21.x, R20.x,
Resolution: Pending - Avaya Aura® Communication Manager: 10.x,
Resolution: Pending - Avaya Aura® Device Services: 10.x,
Resolution: Pending - Avaya Aura® Experience Portal: 8.x,
Resolution: Pending - Avaya Aura® Session Border Controller for Enterprise: 10.x,
Resolution: Pending - Avaya Aura® Session Manager: 10.x,
Resolution: Pending - Avaya Aura® System Manager: 10.x,
Resolution: Pending
|
go-toolset:rhel8 security update (RHSA-2025:10672)
(Issued: 2025-07-09) | CVE-2025-4673
| Medium | - Avaya Aura® Experience Portal: 8.x,
Resolution: Pending
|
kernel security update (RHSA-2025:10669)
(Issued: 2025-07-09) | CVE-2022-49111
CVE-2022-49136
CVE-2022-49846
| High | - Avaya Aura® Application Enablement Services: 10.x,
Resolution: Pending - Avaya Aura® CMS: R21.x, R20.x,
Resolution: Pending - Avaya Aura® Communication Manager: 10.x,
Resolution: Pending - Avaya Aura® Device Services: 10.x,
Resolution: Pending - Avaya Aura® Experience Portal: 8.x,
Resolution: Pending - Avaya Aura® Session Border Controller for Enterprise: 10.x,
Resolution: Pending - Avaya Aura® Session Manager: 10.x,
Resolution: Pending - Avaya Aura® System Manager: 10.x,
Resolution: Pending
|
jq security update (RHSA-2025:10618)
(Issued: 2025-07-08) | CVE-2024-23337
CVE-2025-48060
| Medium | - Avaya Aura® Application Enablement Services: 10.x,
Resolution: Pending - Avaya Aura® Communication Manager: 10.x,
Resolution: Pending - Avaya Aura® Device Services: 10.x,
Resolution: Pending - Avaya Aura® Session Border Controller for Enterprise: 10.x,
Resolution: Pending - Avaya Aura® Session Manager: 10.x,
Resolution: Pending - Avaya Aura® System Manager: 10.x,
Resolution: Pending
|
container-tools:rhel8 security update (RHSA-2025:10551)
(Issued: 2025-07-08) | CVE-2025-6032
| High | - Avaya Aura® Application Enablement Services: 10.x,
Resolution: Pending - Avaya Aura® Communication Manager: 10.x,
Resolution: Pending - Avaya Aura® Experience Portal: 8.x,
Resolution: Pending
|
firefox security update (RHSA-2025:10074)
(Issued: 2025-07-01) | CVE-2025-6424
CVE-2025-6425
CVE-2025-6429
CVE-2025-6430
| High | - Avaya Aura® Experience Portal: 8.x,
Resolution: Pending
|
python3 security update (RHSA-2025:10128)
(Issued: 2025-07-01) | CVE-2024-12718
CVE-2025-4138
CVE-2025-4330
CVE-2025-4435
CVE-2025-4517
| High | - Avaya Aura® Application Enablement Services: 10.x,
Resolution: Pending - Avaya Aura® CMS: R21.x, R20.x,
Resolution: Pending - Avaya Aura® Communication Manager: 10.x,
Resolution: Pending - Avaya Aura® Device Services: 10.x,
Resolution: Pending - Avaya Aura® Experience Portal: 8.x,
Resolution: Pending - Avaya Aura® Session Border Controller for Enterprise: 10.x,
Resolution: Pending - Avaya Aura® Session Manager: 10.x,
Resolution: Pending - Avaya Aura® System Manager: 10.x,
Resolution: Pending
|
sudo security update (RHSA-2025:10110)
(Issued: 2025-07-01) | CVE-2025-32462
| High | - Avaya Aura® Application Enablement Services: 10.x,
Resolution: Pending - Avaya Aura® CMS: R21.x, R20.x,
Resolution: Pending - Avaya Aura® Communication Manager: 10.x,
Resolution: Pending - Avaya Aura® Device Services: 10.x,
Resolution: Pending - Avaya Aura® Experience Portal: 8.x,
Resolution: Pending - Avaya Aura® Session Border Controller for Enterprise: 10.x,
Resolution: Pending - Avaya Aura® Session Manager: 10.x,
Resolution: Pending - Avaya Aura® System Manager: 10.x,
Resolution: Pending
|
pam security update (RHSA-2025:10027)
(Issued: 2025-07-01) | CVE-2025-6020
| High | - Avaya Aura® Application Enablement Services: 10.x,
Resolution: Pending - Avaya Aura® CMS: R21.x, R20.x,
Resolution: Pending - Avaya Aura® Communication Manager: 10.x,
Resolution: Pending - Avaya Aura® Device Services: 10.x,
Resolution: Pending - Avaya Aura® Experience Portal: 8.x,
Resolution: Pending - Avaya Aura® Session Border Controller for Enterprise: 10.x,
Resolution: Pending - Avaya Aura® Session Manager: 10.x,
Resolution: Pending - Avaya Aura® System Manager: 10.x,
Resolution: Pending
|
libblockdev security update (RHSA-2025:9878)
(Issued: 2025-06-30) | CVE-2025-6019
| High | - Avaya Aura® Application Enablement Services: 10.x,
Resolution: Pending - Avaya Aura® Communication Manager: 10.x,
Resolution: Pending - Avaya Aura® Device Services: 10.x,
Resolution: Install 10.x SSP13 or later - Avaya Aura® Session Border Controller for Enterprise: 10.x,
Resolution: Pending - Avaya Aura® Session Manager: 10.x,
Resolution: Pending - Avaya Aura® System Manager: 10.x,
Resolution: Pending
|
kernel security update (RHSA-2025:9580)
(Issued: 2025-06-25) | CVE-2022-48919
CVE-2024-50301
CVE-2024-53064
CVE-2025-21764
| High | - Avaya Aura® Application Enablement Services: 10.x,
Resolution: Pending - Avaya Aura® CMS: R21.x, R20.x,
Resolution: Pending - Avaya Aura® Communication Manager: 10.x,
Resolution: Pending - Avaya Aura® Device Services: 10.x,
Resolution: Install 10.x SSP13 or later - Avaya Aura® Experience Portal: 8.x,
Resolution: Pending - Avaya Aura® Session Border Controller for Enterprise: 10.x,
Resolution: Pending - Avaya Aura® Session Manager: 10.x,
Resolution: Pending - Avaya Aura® System Manager: 10.x,
Resolution: Pending
|
gimp:2.8 security update (RHSA-2025:9165)
(Issued: 2025-06-17) | CVE-2025-5473
CVE-2025-48797
CVE-2025-48798
| High | - Avaya Aura® Communication Manager: 10.x,
Resolution: Pending
|
container-tools:rhel8 security update (RHSA-2025:9142)
(Issued: 2025-06-17) | CVE-2025-22871
| Medium | - Avaya Aura® Application Enablement Services: 10.x,
Resolution: Pending - Avaya Aura® Communication Manager: 10.x,
Resolution: Install 10.1.x SSP33, 10.2.x SSP12 or later - Avaya Aura® Experience Portal: 8.x,
Resolution: Pending
|
kernel security update (RHSA-2025:8743)
(Issued: 2025-06-10) | CVE-2022-49395
| Medium | - Avaya Aura® Application Enablement Services: 10.x,
Resolution: Install 10.1.x SSP34, 10.2 SSP12 or later - Avaya Aura® CMS: R21.x, R20.x,
Resolution: Pending - Avaya Aura® Communication Manager: 10.x,
Resolution: Install 10.1.x SSP33, 10.2.x SSP12 or later - Avaya Aura® Device Services: 10.x,
Resolution: Install 10.x SSP13 or later - Avaya Aura® Experience Portal: 8.x,
Resolution: Pending - Avaya Aura® Session Border Controller for Enterprise: 10.x,
Resolution: Pending - Avaya Aura® Session Manager: 10.x,
Resolution: Install 10.1 SSP34, 10.2 SSP12 or later - Avaya Aura® System Manager: 10.x,
Resolution: Install 10.1 SSP34, 10.2 SSP12 or later
|
thunderbird security update (RHSA-2025:8756)
(Issued: 2025-06-10) | CVE-2025-3875
CVE-2025-3877
CVE-2025-3909
CVE-2025-3932
CVE-2025-4918
CVE-2025-4919
CVE-2025-5263
CVE-2025-5264
CVE-2025-5266
CVE-2025-5267
CVE-2025-5268
CVE-2025-5269
| High | - Avaya Aura® Experience Portal: 8.x,
Resolution: Pending
|
glibc security update (RHSA-2025:8686)
(Issued: 2025-06-09) | CVE-2025-4802
| High | - Avaya Aura® Application Enablement Services: 10.x,
Resolution: Install 10.1.x SSP34, 10.2 SSP12 or later - Avaya Aura® CMS: R21.x, R20.x,
Resolution: Pending - Avaya Aura® Communication Manager: 10.x,
Resolution: Install 10.1.x SSP33, 10.2.x SSP12 or later - Avaya Aura® Device Services: 10.x,
Resolution: Install 10.x SSP13 or later - Avaya Aura® Experience Portal: 8.x,
Resolution: Pending - Avaya Aura® Session Border Controller for Enterprise: 10.x,
Resolution: Pending - Avaya Aura® Session Manager: 10.x,
Resolution: Install 10.1 SSP34, 10.2 SSP12 or later - Avaya Aura® System Manager: 10.x,
Resolution: Install 10.1 SSP34, 10.2 SSP12 or later
|
libxslt security update (RHSA-2025:8676)
(Issued: 2025-06-09) | CVE-2023-40403
| Medium | - Avaya Aura® Application Enablement Services: 10.x,
Resolution: Install 10.1.x SSP34, 10.2 SSP12 or later - Avaya Aura® CMS: R21.x, R20.x,
Resolution: Pending - Avaya Aura® Communication Manager: 10.x,
Resolution: Install 10.1.x SSP33, 10.2.x SSP12 or later - Avaya Aura® Device Services: 10.x,
Resolution: Install 10.x SSP13 or later - Avaya Aura® Experience Portal: 8.x,
Resolution: Pending - Avaya Aura® Session Border Controller for Enterprise: 10.x,
Resolution: Pending - Avaya Aura® Session Manager: 10.x,
Resolution: Install 10.1 SSP34, 10.2 SSP12 or later - Avaya Aura® System Manager: 10.x,
Resolution: Install 10.1 SSP34, 10.2 SSP12 or later
|
nodejs:20 security update (RHSA-2025:8514)
(Issued: 2025-06-04) | CVE-2025-23166
| High | - Avaya Aura® Experience Portal: 8.x,
Resolution: Pending
|
nodejs:22 security update (RHSA-2025:8506)
(Issued: 2025-06-04) | CVE-2025-23166
| High | - Avaya Aura® Experience Portal: 8.x,
Resolution: Pending
|
go-toolset:rhel8 security update (RHSA-2025:8478)
(Issued: 2025-06-04) | CVE-2025-22871
| Medium | - Avaya Aura® Experience Portal: 8.x,
Resolution: Pending
|
perl-CPAN security update (RHSA-2025:8432)
(Issued: 2025-06-03) | CVE-2020-16156
| High | - Avaya Aura® Application Enablement Services: 10.x,
Resolution: Install 10.1.x SSP34, 10.2 SSP12 or later - Avaya Aura® Communication Manager: 10.x,
Resolution: Install 10.1.x SSP33, 10.2.x SSP12 or later - Avaya Aura® Device Services: 10.x,
Resolution: Install 10.x SSP13 or later - Avaya Aura® Experience Portal: 8.x,
Resolution: Pending - Avaya Aura® Session Manager: 10.x,
Resolution: Install 10.1 SSP34, 10.2 SSP12 or later
|
ghostscript security update (RHSA-2025:8421)
(Issued: 2025-06-03) | CVE-2025-27832
| Medium | - Avaya CMS: R21.x, R20.x,
Resolution: Pending
|
python36:3.6 security update (RHSA-2025:8419)
(Issued: 2025-06-03) | CVE-2024-5629
| Medium | - Avaya Aura® Application Enablement Services: 10.x,
Resolution: Install 10.1 SSP27, 10.2 SSP10 or later - Avaya Aura® CMS: R21.x, R20.x,
Resolution: Install R21.0.0.0 or later - Avaya Aura® Communication Manager: 10.x,
Resolution: Install 10.1.x SSP29, 10.2.x SSP10 or later - Avaya Aura® Device Services: 10.x,
Resolution: Install 10.x SSP10 or later - Avaya Aura® Experience Portal: 8.x,
Resolution: Install 8.x Latest Security Updates - Avaya Aura® Session Border Controller for Enterprise: 10.x,
Resolution: Install 10.2.1.0 or later - Avaya Aura® Session Manager: 10.x,
Resolution: Install 10.1 SSP30, 10.2 SSP10 or later - Avaya Aura® System Manager: 10.x,
Resolution: Install 10.1 SSP30, 10.2 SSP10 or later
|
krb5 security update (RHSA-2025:8411)
(Issued: 2025-06-03) | CVE-2025-3576
| Medium | - Avaya Aura® Application Enablement Services: 10.x,
Resolution: Install 10.1.x SSP34, 10.2 SSP12 or later - Avaya Aura® CMS: R21.x, R20.x,
Resolution: Pending - Avaya Aura® Communication Manager: 10.x,
Resolution: Pending - Avaya Aura® Device Services: 10.x,
Resolution: Install 10.x SSP13 or later - Avaya Aura® Experience Portal: 8.x,
Resolution: Pending - Avaya Aura® Session Border Controller for Enterprise: 10.x,
Resolution: Pending - Avaya Aura® Session Manager: 10.x,
Resolution: Install 10.1 SSP34, 10.2 SSP12 or later - Avaya Aura® System Manager: 10.x,
Resolution: Install 10.1 SSP34, 10.2 SSP12 or later
|
git security update (RHSA-2025:8414)
(Issued: 2025-06-03) | CVE-2024-52005
| High | - Avaya Aura® Device Services: 10.x,
Resolution: Pending
|
firefox security update (RHSA-2025:8308)
(Issued: 2025-05-29) | CVE-2025-5263
CVE-2025-5264
CVE-2025-5266
CVE-2025-5267
CVE-2025-5268
CVE-2025-5269
| Medium | - Avaya Aura® Experience Portal: 8.x,
Resolution: Pending
|
kernel security update (RHSA-2025:8246)
(Issued: 2025-05-28) | CVE-2024-43842
| High | - Avaya Aura® Application Enablement Services: 10.x,
Resolution: Install 10.1.x SSP34, 10.2 SSP12 or later - Avaya Aura® CMS: R21.x, R20.x,
Resolution: Pending - Avaya Aura® Communication Manager: 10.x,
Resolution: Install 10.1.x SSP33, 10.2.x SSP12 or later - Avaya Aura® Device Services: 10.x,
Resolution: Install 10.x SSP13 or later - Avaya Aura® Experience Portal: 8.x,
Resolution: Pending - Avaya Aura® Session Border Controller for Enterprise: 10.x,
Resolution: Pending - Avaya Aura® Session Manager: 10.x,
Resolution: Install 10.1 SSP34, 10.2 SSP12 or later - Avaya Aura® System Manager: 10.x,
Resolution: Install 10.1 SSP34, 10.2 SSP12 or later
|
gstreamer1-plugins-bad-free security update (RHSA-2025:8201)
(Issued: 2025-05-27) | CVE-2025-3887
| High | - Avaya Aura® Communication Manager: 10.x,
Resolution: Install 10.1.x SSP33, 10.2.x SSP12 or later - Avaya Aura® Session Border Controller for Enterprise: 10.x,
Resolution: Pending
|
libsoup security update (RHSA-2025:8132)
(Issued: 2025-05-26) | CVE-2025-2784
CVE-2025-4948
CVE-2025-32049
CVE-2025-32914
| High | - Avaya CMS: R21.x, R20.x,
Resolution: Install R21.0.2.0 or later - Avaya Experience Portal: 8.x,
Resolution: Pending - Avaya Session Border Controller for Enterprise: 10.x,
Resolution: Pending
|
firefox security update (RHSA-2025:8060)
(Issued: 2025-05-21) | CVE-2025-4918
CVE-2025-4919
| High | - Avaya Aura® Experience Portal: 8.x,
Resolution: Pending
|
kernel security update (RHSA-2025:8056)
(Issued: 2025-05-21) | CVE-2024-40906
CVE-2024-44970
CVE-2025-21756
| High | - Avaya Aura® Application Enablement Services: 10.x,
Resolution: Install 10.1.x SSP34, 10.2 SSP12 or later - Avaya Aura® CMS: R21.x, R20.x,
Resolution: Pending - Avaya Aura® Communication Manager: 10.x,
Resolution: Install 10.1.x SSP33, 10.2.x SSP12 or later - Avaya Aura® Device Services: 10.x,
Resolution: Install 10.x SSP13 or later - Avaya Aura® Experience Portal: 8.x,
Resolution: Pending - Avaya Aura® Session Border Controller for Enterprise: 10.x,
Resolution: Pending - Avaya Aura® Session Manager: 10.x,
Resolution: Install 10.1 SSP34, 10.2 SSP12 or later - Avaya Aura® System Manager: 10.x,
Resolution: Install 10.1 SSP33, 10.2 SSP12 or later
|
compat-openssl10 security update (RHSA-2025:7895)
(Issued: 2025-05-19) | CVE-2023-0286
| High | - Avaya Aura® Application Enablement Services: 10.x,
Resolution: Install 10.1.x SSP34, 10.2 SSP11 or later - Avaya Aura® Communication Manager: 10.x,
Resolution: Install 10.1.x SSP33, 10.2.x SSP11 or later - Avaya Aura® Device Services: 10.x,
Resolution: Install 10.x SSP13 or later - Avaya Aura® Experience Portal: 8.x,
Resolution: Pending
|
libjpeg-turbo security update (RHSA-2025:7540)
(Issued: 2025-05-14) | CVE-2020-13790
| High | - Avaya Aura® Application Enablement Services: 10.x,
Resolution: Install 10.1.x SSP34, 10.2 SSP11 or later - Avaya Aura® CMS: R21.x, R20.x,
Resolution: Install R21.0.2.0 or later - Avaya Aura® Communication Manager: 10.x,
Resolution: Install 10.1.x SSP33, 10.2.x SSP11 or later - Avaya Aura® Device Services: 10.x,
Resolution: Install 10.x SSP13 or later - Avaya Aura® Experience Portal: 8.x,
Resolution: Pending - Avaya Aura® Session Border Controller for Enterprise: 10.x,
Resolution: Pending - Avaya Aura® Session Manager: 10.x,
Resolution: Install 10.1 SSP34, 10.2 SSP11 or later - Avaya Aura® System Manager: 10.x,
Resolution: Install 10.1 SSP33, 10.2 SSP11 or later
|
kernel security update (RHSA-2025:7531)
(Issued: 2025-05-14) | CVE-2022-49011
CVE-2024-53141
| High | - Avaya Aura® Application Enablement Services: 10.x,
Resolution: Install 10.1.x SSP34, 10.2 SSP11 or later - Avaya Aura® CMS: R21.x, R20.x,
Resolution: Pending - Avaya Aura® Communication Manager: 10.x,
Resolution: Install 10.1.x SSP33, 10.2.x SSP11 or later - Avaya Aura® Device Services: 10.x,
Resolution: Install 10.x SSP13 or later - Avaya Aura® Experience Portal: 8.x,
Resolution: Pending - Avaya Aura® Session Border Controller for Enterprise: 10.x,
Resolution: Pending - Avaya Aura® Session Manager: 10.x,
Resolution: Install 10.1 SSP34, 10.2 SSP11 or later - Avaya Aura® System Manager: 10.x,
Resolution: Install 10.1 SSP33, 10.2 SSP11 or later
|
thunderbird security update (RHSA-2025:4797)
(Issued: 2025-05-12) | CVE-2025-2817
CVE-2025-4083
CVE-2025-4087
CVE-2025-4091
CVE-2025-4093
| High | - Avaya Aura® Experience Portal: 8.x,
Resolution: Pending
|
python39:3.9 security update (RHSA-2025:4791)
(Issued: 2025-05-12) | CVE-2022-2255
| High | - Avaya Aura® Experience Portal: 8.x,
Resolution: Pending
|
libtiff security update (RHSA-2025:4658)
(Issued: 2025-05-07) | CVE-2017-17095
| High | - Avaya Aura® Application Enablement Services: 10.x,
Resolution: Install 10.1 SSP33, 10.2 SSP11 or later - Avaya Aura® CMS: R21.x, R20.x,
Resolution: Install R21.0.2.0 or later - Avaya Aura® Communication Manager: 10.x,
Resolution: Install 10.1.x SSP32, 10.2.x SSP11 or later - Avaya Aura® Device Services: 10.x,
Resolution: Install 10.x SSP13 or later - Avaya Aura® Experience Portal: 8.x,
Resolution: Install 8.x Latest Security Updates - Avaya Aura® Session Border Controller for Enterprise: 10.x,
Resolution: Pending - Avaya Aura® Session Manager: 10.x,
Resolution: Install 10.1 SSP33, 10.2 SSP11 or later - Avaya Aura® System Manager: 10.x,
Resolution: Install 10.1 SSP33, 10.2 SSP11 or later
|
thunderbird security update (RHSA-2025:4649)
(Issued: 2025-05-07) | CVE-2025-2830
CVE-2025-3522
CVE-2025-3523
| High | - Avaya Aura® Experience Portal: 8.x,
Resolution: Pending
|
nodejs:20 security update (RHSA-2025:4461)
(Issued: 2025-05-05) | CVE-2025-31498
| High | - Avaya Aura® Experience Portal: 8.x,
Resolution: Pending
|
nodejs:22 security update (RHSA-2025:4459)
(Issued: 2025-05-05) | CVE-2025-3277
CVE-2025-31498
| High | - Avaya Aura® Experience Portal: 8.x,
Resolution: Pending
|
firefox security update (RHSA-2025:4458)
(Issued: 2025-05-05) | CVE-2025-2817
CVE-2025-4083
CVE-2025-4087
CVE-2025-4091
CVE-2025-4093
| High | - Avaya Aura® Experience Portal: 8.x,
Resolution: Pending
|
ghostscript security update (RHSA-2025:4362)
(Issued: 2025-04-30) | CVE-2020-27792
CVE-2023-46751
CVE-2024-46951
CVE-2024-46952
CVE-2024-46953
CVE-2024-46954
CVE-2024-46956
| High | - Avaya CMS: R21.x, R20.x,
Resolution: Install R21.0.2.0 or later
|
thunderbird security update (RHSA-2025:4170)
(Issued: 2025-04-24) | CVE-2025-3028
CVE-2025-3029
CVE-2025-3030
| High | - Avaya Aura® Experience Portal: 8.x,
Resolution: Pending
|
libtasn1 security update (RHSA-2025:4049)
(Issued: 2025-04-23) | CVE-2024-12133
| Medium | - Avaya Aura® Application Enablement Services: 10.x,
Resolution: Install 10.1 SSP33, 10.2 SSP11 or later - Avaya Aura® CMS: R21.x, R20.x,
Resolution: Install R21.0.2.0 or later - Avaya Aura® Communication Manager: 10.x,
Resolution: Install 10.1.x SSP32, 10.2.x SSP11 or later - Avaya Aura® Device Services: 10.x,
Resolution: Install 10.x SSP13 or later - Avaya Aura® Experience Portal: 8.x,
Resolution: Install 8.x Latest Security Updates - Avaya Aura® Session Border Controller for Enterprise: 10.x,
Resolution: Pending - Avaya Aura® Session Manager: 10.x,
Resolution: Install 10.1 SSP33, 10.2 SSP11 or later - Avaya Aura® System Manager: 10.x,
Resolution: Install 10.1 SSP33, 10.2 SSP11 or later
|
xmlrpc-c security update (RHSA-2025:4048)
(Issued: 2025-04-23) | CVE-2024-8176
| High | - Avaya Aura® System Manager: 10.x,
Resolution: Install 10.1 SSP33, 10.2 SSP11 or later
|
gnutls security update (RHSA-2025:4051)
(Issued: 2025-04-23) | CVE-2024-12243
| Medium | - Avaya Aura® Application Enablement Services: 10.x,
Resolution: Install 10.1 SSP33, 10.2 SSP11 or later - Avaya Aura® CMS: R21.x, R20.x,
Resolution: Install R21.0.2.0 or later - Avaya Aura® Communication Manager: 10.x,
Resolution: Install 10.1.x SSP32, 10.2.x SSP11 or later - Avaya Aura® Device Services: 10.x,
Resolution: Install 10.x SSP13 or later - Avaya Aura® Experience Portal: 8.x,
Resolution: Install 8.x Latest Security Updates - Avaya Aura® Session Border Controller for Enterprise: 10.x,
Resolution: Pending - Avaya Aura® Session Manager: 10.x,
Resolution: Install 10.1 SSP33, 10.2 SSP11 or later - Avaya Aura® System Manager: 10.x,
Resolution: Install 10.1 SSP33, 10.2 SSP11 or later
|
webkit2gtk3 security update (RHSA-2025:3974)
(Issued: 2025-04-17) | CVE-2024-44192
CVE-2024-54467
CVE-2024-54551
CVE-2025-24208
CVE-2025-24209
CVE-2025-24216
CVE-2025-30427
| High | - Avaya Aura® Experience Portal: 8.x,
Resolution: Pending
|
java-17-openjdk security update (RHSA-2025:3852)
(Issued: 2025-04-16) | CVE-2025-21587
CVE-2025-30691
CVE-2025-30698
| High | - Avaya CMS: R21.x, R20.x,
Resolution: Install R21.0.2.0 or later - Avaya Session Border Controller for Enterprise: 10.x,
Resolution: Pending
|
expat security update (RHSA-2025:3913)
(Issued: 2025-04-15) | CVE-2024-8176
| High | - Avaya Aura® Application Enablement Services: 10.x,
Resolution: Install 10.1 SSP33, 10.2 SSP11 or later - Avaya Aura® CMS: R21.x, R20.x,
Resolution: Install R21.0.2.0 or later - Avaya Aura® Communication Manager: 10.x,
Resolution: Install 10.1.x SSP32, 10.2.x SSP11 or later - Avaya Aura® Device Services: 10.x,
Resolution: Install 10.x SSP13 or later - Avaya Aura® Experience Portal: 8.x,
Resolution: Install 8.x Latest Security Updates - Avaya Aura® Session Border Controller for Enterprise: 10.x,
Resolution: Pending - Avaya Aura® Session Manager: 10.x,
Resolution: Install 10.1 SSP33, 10.2 SSP11 or later - Avaya Aura® System Manager: 10.x,
Resolution: Install 10.1 SSP33, 10.2 SSP11 or later
|
kernel security update (RHSA-2025:3893)
(Issued: 2025-04-15) | CVE-2024-53150
CVE-2024-53241
| High | - Avaya Aura® Application Enablement Services: 10.x,
Resolution: Install 10.1 SSP33, 10.2 SSP11 or later - Avaya Aura® CMS: R21.x, R20.x,
Resolution: Pending - Avaya Aura® Communication Manager: 10.x,
Resolution: Install 10.1.x SSP32, 10.2.x SSP11 or later - Avaya Aura® Device Services: 10.x,
Resolution: Install 10.x SSP13 or later - Avaya Aura® Experience Portal: 8.x,
Resolution: Install 8.x Latest Security Updates - Avaya Aura® Session Border Controller for Enterprise: 10.x,
Resolution: Pending - Avaya Aura® Session Manager: 10.x,
Resolution: Install 10.1 SSP33, 10.2 SSP11 or later - Avaya Aura® System Manager: 10.x,
Resolution: Install 10.1 SSP33, 10.2 SSP11 or later
|
glibc security update (RHSA-2025:3828)
(Issued: 2025-04-14) | CVE-2025-0395
| Medium | - Avaya Aura® Application Enablement Services: 10.x,
Resolution: Install 10.1 SSP33, 10.2 SSP11 or later - Avaya Aura® CMS: R21.x, R20.x,
Resolution: Pending - Avaya Aura® Communication Manager: 10.x,
Resolution: Install 10.1.x SSP32, 10.2.x SSP11 or later - Avaya Aura® Device Services: 10.x,
Resolution: Install 10.x SSP13 or later - Avaya Aura® Experience Portal: 8.x,
Resolution: Install 8.x Latest Security Updates - Avaya Aura® Session Border Controller for Enterprise: 10.x,
Resolution: Pending - Avaya Aura® Session Manager: 10.x,
Resolution: Install 10.1 SSP33, 10.2 SSP11 or later - Avaya Aura® System Manager: 10.x,
Resolution: Install 10.1 SSP33, 10.2 SSP11 or later
|
go-toolset:rhel8 security update (RHSA-2025:3772)
(Issued: 2025-04-10) | CVE-2024-45336
CVE-2024-45341
| Medium | - Avaya Aura® Experience Portal: 8.x,
Resolution: Pending
|
tomcat security update (RHSA-2025:3683)
(Issued: 2025-04-08) | CVE-2024-50379
CVE-2025-24813
| High | - Avaya Aura® Application Enablement Services: 10.x,
Resolution: Install 10.2.1.1 or later
|
libxslt security update (RHSA-2025:3615)
(Issued: 2025-04-07) | CVE-2024-55549
CVE-2025-24855
| High | - Avaya Aura® Application Enablement Services: 10.x,
Resolution: Install 10.1 SSP33, 10.2 SSP11 or later - Avaya Aura® CMS: R21.x, R20.x,
Resolution: Install R21.0.2.0 or later - Avaya Aura® Communication Manager: 10.x,
Resolution: Install 10.1.x SSP32, 10.2.x SSP11 or later - Avaya Aura® Device Services: 10.x,
Resolution: Install 10.x SSP13 or later - Avaya Aura® Experience Portal: 8.x,
Resolution: Install 8.x Latest Security Updates - Avaya Aura® Session Border Controller for Enterprise: 10.x,
Resolution: Pending - Avaya Aura® Session Manager: 10.x,
Resolution: Install 10.1 SSP33, 10.2 SSP11 or later - Avaya Aura® System Manager: 10.x,
Resolution: Install 10.1 SSP33, 10.2 SSP11 or later
|
firefox security update (RHSA-2025:3582)
(Issued: 2025-04-03) | CVE-2025-3028
CVE-2025-3029
CVE-2025-3030
| High | - Avaya Aura® Experience Portal: 8.x,
Resolution: Pending
|
python-jinja2 security update (RHSA-2025:3388)
(Issued: 2025-03-31) | CVE-2025-27516
| High | - Avaya Session Border Controller for Enterprise: 10.x,
Resolution: Pending
|
kernel security update (RHSA-2025:3260)
(Issued: 2025-03-26) | CVE-2025-21785
| High | - Avaya Aura® Application Enablement Services: 10.x,
Resolution: Install 10.1 SSP33, 10.2 SSP10 or later - Avaya Aura® CMS: R21.x, R20.x,
Resolution: Pending - Avaya Aura® Communication Manager: 10.x,
Resolution: Install 10.1.x SSP32, 10.2.x SSP10 or later - Avaya Aura® Device Services: 10.x,
Resolution: Install 10.x SSP13 or later - Avaya Aura® Experience Portal: 8.x,
Resolution: Install 8.x Latest Security Updates - Avaya Aura® Session Border Controller for Enterprise: 10.x,
Resolution: Pending - Avaya Aura® Session Manager: 10.x,
Resolution: Install 10.1 SSP33, 10.2 SSP10 or later - Avaya Aura® System Manager: 10.x,
Resolution: Install 10.1 SSP33, 10.2 SSP10 or later
|
container-tools:rhel8 security update (RHSA-2025:3210)
(Issued: 2025-03-26) | CVE-2025-22869
| High | - Avaya Aura® Application Enablement Services: 10.x,
Resolution: Pending - Avaya Aura® Communication Manager: 10.x,
Resolution: Install 10.1.x SSP32, 10.2.x SSP10 or later - Avaya Aura® Experience Portal: 8.x,
Resolution: Install 8.x Latest Security Updates
|
kernel security update (RHSA-2025:3026)
(Issued: 2025-03-19) | CVE-2023-52922
| High | - Avaya Aura® Application Enablement Services: 10.x,
Resolution: Install 10.1 SSP32, 10.2 SSP10 or later - Avaya Aura® CMS: R21.x, R20.x,
Resolution: Pending - Avaya Aura® Communication Manager: 10.x,
Resolution: Install 10.1.x SSP31, 10.2.x SSP10 or later - Avaya Aura® Device Services: 10.x,
Resolution: Install 10.x SSP11 or later - Avaya Aura® Experience Portal: 8.x,
Resolution: Install 8.x Latest Security Updates - Avaya Aura® Session Border Controller for Enterprise: 10.x,
Resolution: Pending - Avaya Aura® Session Manager: 10.x,
Resolution: Install 10.1 SSP32, 10.2 SSP10 or later - Avaya Aura® System Manager: 10.x,
Resolution: Install 10.1 SSP32, 10.2 SSP10 or later
|
thunderbird security update (RHSA-2025:2900)
(Issued: 2025-03-17) | CVE-2025-1937
CVE-2025-1938
| High | - Avaya Aura® Experience Portal: 8.x,
Resolution: Pending
|
webkit2gtk3 security update (RHSA-2025:2863)
(Issued: 2025-03-17) | CVE-2025-24201
| High | - Avaya Aura® Experience Portal: 8.x,
Resolution: Pending
|
rsync security update (RHSA-2025:2600)
(Issued: 2025-03-11) | CVE-2024-12087
CVE-2024-12088
CVE-2024-12747
| Medium | - Avaya Aura® Application Enablement Services: 10.x,
Resolution: Install 10.1 SSP32, 10.2 SSP10 or later - Avaya Aura® CMS: R21.x, R20.x,
Resolution: Install R21.0.2.0 or later - Avaya Aura® Communication Manager: 10.x,
Resolution: Install 10.1.x SSP31, 10.2.x SSP10 or later - Avaya Aura® Session Border Controller for Enterprise: 10.x,
Resolution: Pending - Avaya Aura® System Manager: 10.x,
Resolution: Install 10.1 SSP32, 10.2 SSP10 or later
|
kernel security update (RHSA-2025:2473)
(Issued: 2025-03-10) | CVE-2024-50302
CVE-2024-53197
CVE-2024-57807
CVE-2024-57979
| Medium | - Avaya Aura® Application Enablement Services: 10.x,
Resolution: Install 10.1 SSP32, 10.2 SSP10 or later - Avaya Aura® CMS: R21.x, R20.x,
Resolution: Pending - Avaya Aura® Communication Manager: 10.x,
Resolution: Install 10.1.x SSP31, 10.2.x SSP10 or later - Avaya Aura® Device Services: 10.x,
Resolution: Install 10.x SSP11 or later - Avaya Aura® Experience Portal: 8.x,
Resolution: Install 8.x Latest Security Updates - Avaya Aura® Session Border Controller for Enterprise: 10.x,
Resolution: Pending - Avaya Aura® Session Manager: 10.x,
Resolution: Install 10.1 SSP32, 10.2 SSP10 or later - Avaya Aura® System Manager: 10.x,
Resolution: Install 10.1 SSP32, 10.2 SSP10 or later
|
firefox security update (RHSA-2025:2452)
(Issued: 2025-03-06) | CVE-2025-1930
CVE-2025-1931
CVE-2025-1932
CVE-2025-1933
CVE-2025-1934
CVE-2025-1935
CVE-2025-1936
CVE-2025-1937
CVE-2025-1938
| High | - Avaya Aura® Experience Portal: 8.x,
Resolution: Pending
|
webkit2gtk3 security update (RHSA-2025:2034)
(Issued: 2025-03-03) | CVE-2024-54543
CVE-2025-24143
CVE-2025-24150
CVE-2025-24158
CVE-2025-24162
| High | - Avaya Aura® Experience Portal: 8.x,
Resolution: Pending
|
emacs security update (RHSA-2025:1917)
(Issued: 2025-02-27) | CVE-2025-1244
| High | - Avaya CMS: R21.x, R20.x,
Resolution: Install R21.0.2.0 or later - Avaya Communication Manager: 10.x,
Resolution: Install 10.1.x SSP31, 10.2.x SSP10 or later - Avaya Device Services: 10.x,
Resolution: Pending - Avaya Experience Portal: 8.x,
Resolution: Install 8.x Latest Security Updates - Avaya Session Border Controller for Enterprise: 10.x,
Resolution: Pending - Avaya System Manager: 10.x,
Resolution: Install 10.1 SSP32, 10.2 SSP10 or later
|
postgresql:13 security update (RHSA-2025:1736)
(Issued: 2025-02-20) | CVE-2025-1094
| High | - Avaya Aura® Application Enablement Services: 10.x,
Resolution: Pending - Avaya Aura® Experience Portal: 8.x,
Resolution: Pending
|
libpq security update (RHSA-2025:1737)
(Issued: 2025-02-20) | CVE-2025-1094
| High | - Avaya Aura® Application Enablement Services: 10.x,
Resolution: Install 10.1 SSP32, 10.2 SSP9 or later - Avaya Aura® Communication Manager: 10.x,
Resolution: Pending - Avaya Aura® Device Services: 10.x,
Resolution: Install 10.x SSP11 or later - Avaya Aura® Experience Portal: 8.x,
Resolution: Install 8.x Latest Security Updates - Avaya Aura® Session Manager: 10.x,
Resolution: Install 10.1 SSP32, 10.2 SSP9 or later - Avaya Aura® System Manager: 10.x,
Resolution: Install 10.1 SSP32, 10.2 SSP9 or later
|
bind security update (RHSA-2025:1675)
(Issued: 2025-02-19) | CVE-2024-11187
| High | - Avaya Aura® Application Enablement Services: 10.x,
Resolution: Install 10.1 SSP32, 10.2 SSP9 or later - Avaya Aura® CMS: R21.x, R20.x,
Resolution: Pending - Avaya Aura® Communication Manager: 10.x,
Resolution: Install 10.1.x SSP31, 10.2.x SSP9 or later - Avaya Aura® Device Services: 10.x,
Resolution: Install 10.x SSP11 or later - Avaya Aura® Experience Portal: 8.x,
Resolution: Install 8.x Latest Security Updates - Avaya Aura® Session Border Controller for Enterprise: 10.x,
Resolution: Pending - Avaya Aura® Session Manager: 10.x,
Resolution: Install 10.1 SSP32, 10.2 SSP9 or later - Avaya Aura® System Manager: 10.x,
Resolution: Install 10.1 SSP32, 10.2 SSP9 or later
|
mysql:8.0 security update (RHSA-2025:1673)
(Issued: 2025-02-19) | CVE-2024-5535
CVE-2024-7264
CVE-2024-11053
CVE-2024-21193
CVE-2024-21194
CVE-2024-21196
CVE-2024-21197
CVE-2024-21198
CVE-2024-21199
CVE-2024-21201
CVE-2024-21203
CVE-2024-21212
CVE-2024-21213
CVE-2024-21218
CVE-2024-21219
CVE-2024-21230
CVE-2024-21231
CVE-2024-21236
CVE-2024-21237
CVE-2024-21238
CVE-2024-21239
CVE-2024-21241
CVE-2024-21247
CVE-2024-37371
CVE-2025-21490
CVE-2025-21491
CVE-2025-21494
CVE-2025-21497
CVE-2025-21500
CVE-2025-21501
CVE-2025-21503
CVE-2025-21504
CVE-2025-21505
CVE-2025-21518
CVE-2025-21519
CVE-2025-21520
CVE-2025-21521
CVE-2025-21522
CVE-2025-21523
CVE-2025-21525
CVE-2025-21529
CVE-2025-21531
CVE-2025-21534
CVE-2025-21536
CVE-2025-21540
CVE-2025-21543
CVE-2025-21546
CVE-2025-21555
CVE-2025-21559
| High | - Avaya Aura® Experience Portal: 8.x,
Resolution: Pending
|
libxml2 security update (RHSA-2025:1517)
(Issued: 2025-02-17) | CVE-2022-49043
| Medium | - Avaya Aura® Application Enablement Services: 10.x,
Resolution: Install 10.1 SSP32, 10.2 SSP9 or later - Avaya Aura® CMS: R21.x, R20.x,
Resolution: Pending - Avaya Aura® Communication Manager: 10.x,
Resolution: Install 10.1.x SSP31, 10.2.x SSP9 or later - Avaya Aura® Device Services: 10.x,
Resolution: Install 10.x SSP11 or later - Avaya Aura® Experience Portal: 8.x,
Resolution: Install 8.x Latest Security Updates - Avaya Aura® Session Border Controller for Enterprise: 10.x,
Resolution: Pending - Avaya Aura® Session Manager: 10.x,
Resolution: Install 10.1 SSP32, 10.2 SSP9 or later - Avaya Aura® System Manager: 10.x,
Resolution: Install 10.1 SSP32, 10.2 SSP9 or later
|
nodejs:22 security update (RHSA-2025:1611)
(Issued: 2025-02-17) | CVE-2025-22150
CVE-2025-23083
CVE-2025-23085
| High | - Avaya Aura® Experience Portal: 8.x,
Resolution: Pending
|
nodejs:18 security update (RHSA-2025:1582)
(Issued: 2025-02-17) | CVE-2025-22150
CVE-2025-23085
| Medium | - Avaya Aura® Experience Portal: 8.x,
Resolution: Pending
|
container-tools:rhel8 security update (RHSA-2025:1372)
(Issued: 2025-02-13) | CVE-2024-11218
| High | - Avaya Aura® Application Enablement Services: 10.x,
Resolution: Pending - Avaya Aura® Communication Manager: 10.x,
Resolution: Install 10.1.x SSP31, 10.2.x SSP9 or later - Avaya Aura® Experience Portal: 8.x,
Resolution: Install 8.x Latest Security Updates
|
nodejs:20 security update (RHSA-2025:1351)
(Issued: 2025-02-12) | CVE-2025-22150
CVE-2025-23083
CVE-2025-23085
| High | - Avaya Aura® Experience Portal: 8.x,
Resolution: Pending
|
kernel security update (RHSA-2025:1266)
(Issued: 2025-02-11) | CVE-2024-53104
| High | - Avaya Aura® Application Enablement Services: 10.x,
Resolution: Install 10.1 SSP32, 10.2 SSP9 or later - Avaya Aura® CMS: R21.x, R20.x,
Resolution: Pending - Avaya Aura® Communication Manager: 10.x,
Resolution: Install 10.1.x SSP31, 10.2.x SSP9 or later - Avaya Aura® Device Services: 10.x,
Resolution: Install 10.x SSP11 or later - Avaya Aura® Experience Portal: 8.x,
Resolution: Install 8.x Latest Security Updates - Avaya Aura® Session Border Controller for Enterprise: 10.x,
Resolution: Pending - Avaya Aura® Session Manager: 10.x,
Resolution: Install 10.1 SSP32, 10.2 SSP9 or later - Avaya Aura® System Manager: 10.x,
Resolution: Install 10.1 SSP32, 10.2 SSP9 or later
|
gcc security update (RHSA-2025:1301)
(Issued: 2025-02-11) | CVE-2020-11023
| Medium | - Avaya Aura® Application Enablement Services: 10.x,
Resolution: Pending - Avaya Aura® CMS: R21.x, R20.x,
Resolution: Pending - Avaya Aura® Communication Manager: 10.x,
Resolution: Pending - Avaya Aura® Device Services: 10.x,
Resolution: Install 10.x SSP11 or later - Avaya Aura® Experience Portal: 8.x,
Resolution: Install 8.x Latest Security Updates - Avaya Aura® Session Border Controller for Enterprise: 10.x,
Resolution: Pending - Avaya Aura® Session Manager: 10.x,
Resolution: Install 10.1 SSP32, 10.2 SSP9 or later - Avaya Aura® System Manager: 10.x,
Resolution: Install 10.1 SSP32, 10.2 SSP9 or later
|
thunderbird security update (RHSA-2025:1292)
(Issued: 2025-02-11) | CVE-2025-0510
CVE-2025-1009
CVE-2025-1010
CVE-2025-1011
CVE-2025-1012
CVE-2025-1013
CVE-2025-1014
CVE-2025-1015
CVE-2025-1016
CVE-2025-1017
| High | - Avaya Aura® Experience Portal: 8.x,
Resolution: Pending
|
firefox security update (RHSA-2025:1283)
(Issued: 2025-02-11) | CVE-2025-1009
CVE-2025-1010
CVE-2025-1011
CVE-2025-1012
CVE-2025-1013
CVE-2025-1014
CVE-2025-1016
CVE-2025-1017
| High | - Avaya Aura® Experience Portal: 8.x,
Resolution: Pending
|
libsoup security update (RHSA-2025:0838)
(Issued: 2025-01-30) | CVE-2024-52531
| Critical | - Avaya CMS: R21.x, R20.x,
Resolution: Install R21.0.2.0 or later - Avaya Experience Portal: 8.x,
Resolution: Install 8.x Latest Security Updates - Avaya Session Border Controller for Enterprise: 10.x,
Resolution: Pending
|
unbound security update (RHSA-2025:0837)
(Issued: 2025-01-30) | CVE-2024-1488
CVE-2024-8508
| High | - Avaya Aura® Application Enablement Services: 10.x,
Resolution: Install 10.1 SSP32, 10.2 SSP9 or later - Avaya Aura® CMS: R21.x, R20.x,
Resolution: Install R21.0.2.0 or later - Avaya Aura® Communication Manager: 10.x,
Resolution: Install 10.1.x SSP31, 10.2.x SSP9 or later - Avaya Aura® Device Services: 10.x,
Resolution: Install 10.x SSP11 or later - Avaya Aura® Experience Portal: 8.x,
Resolution: Install 8.x Latest Security Updates - Avaya Aura® Session Border Controller for Enterprise: 10.x,
Resolution: Pending - Avaya Aura® Session Manager: 10.x,
Resolution: Install 10.1 SSP32, 10.2 SSP9 or later - Avaya Aura® System Manager: 10.x,
Resolution: Install 10.1 SSP32, 10.2 SSP9 or later
|
gimp:2.8 security update (RHSA-2025:0746)
(Issued: 2025-01-28) | CVE-2023-44442
CVE-2023-44443
CVE-2023-44444
| High | - Avaya Aura® Communication Manager: 10.x,
Resolution: Pending
|
keepalived security update (RHSA-2025:0743)
(Issued: 2025-01-28) | CVE-2024-41184
| Medium | - Avaya Aura® Device Services: 10.x,
Resolution: Pending - Avaya Aura® Session Border Controller for Enterprise: 10.x,
Resolution: Install 10.1.2.0 or later
|
bzip2 security and bug fix update (RHSA-2025:0733)
(Issued: 2025-01-28) | CVE-2019-12900
| Medium | - Avaya Aura® Application Enablement Services: 10.x,
Resolution: Install 10.1 SSP32, 10.2 SSP9 or later - Avaya Aura® CMS: R21.x, R20.x,
Resolution: Install R21.0.2.0 or later - Avaya Aura® Communication Manager: 10.x,
Resolution: Install 10.1.x SSP31, 10.2.x SSP9 or later - Avaya Aura® Device Services: 10.x,
Resolution: Install 10.x SSP11 or later - Avaya Aura® Experience Portal: 8.x,
Resolution: Install 8.x Latest Security Updates - Avaya Aura® Session Border Controller for Enterprise: 10.x,
Resolution: Pending - Avaya Aura® Session Manager: 10.x,
Resolution: Install 10.1 SSP32, 10.2 SSP9 or later - Avaya Aura® System Manager: 10.x,
Resolution: Install 10.1 SSP32, 10.2 SSP9 or later
|
java-17-openjdk security update for RHEL 8.6, 8.8, 8.10, 9.4 and 9.5 (RHSA-2025:0422)
(Issued: 2025-01-22) | CVE-2025-21502
| Medium | - Avaya CMS: R21.x, R20.x,
Resolution: Install R21.0.2.0 or later - Avaya Session Border Controller for Enterprise: 10.x,
Resolution: Pending
|
rsync security update (RHSA-2025:0325)
(Issued: 2025-01-15) | CVE-2024-12085
| High | - Avaya Aura® Application Enablement Services: 10.x,
Resolution: Install 10.1 SSP31, 10.2 SSP9 or later - Avaya Aura® CMS: R21.x, R20.x,
Resolution: Install R21.0.2.0 or later - Avaya Aura® Communication Manager: 10.x,
Resolution: Install 10.1.x SSP30, 10.2.x SSP9 or later - Avaya Aura® Session Border Controller for Enterprise: 10.x,
Resolution: Pending - Avaya Aura® System Manager: 10.x,
Resolution: Install 10.1 SSP31, 10.2 SSP9 or later
|
webkit2gtk3 security update (RHSA-2025:0145)
(Issued: 2025-01-09) | CVE-2024-54479
CVE-2024-54502
CVE-2024-54505
CVE-2024-54508
| High | - Avaya Aura® Experience Portal: 8.x,
Resolution: Pending
|
firefox security update (RHSA-2025:0144)
(Issued: 2025-01-09) | CVE-2025-0237
CVE-2025-0238
CVE-2025-0239
CVE-2025-0240
CVE-2025-0241
CVE-2025-0242
CVE-2025-0243
| High | - Avaya Aura® Experience Portal: 8.x,
Resolution: Pending
|
python-requests security update (RHSA-2025:0012)
(Issued: 2025-01-02) | CVE-2024-35195
| Medium | - Avaya Aura® Application Enablement Services: 10.x,
Resolution: Install 10.1 SSP31, 10.2 SSP9 or later - Avaya Aura® CMS: R21.x, R20.x,
Resolution: Install R21.0.2.0 or later - Avaya Aura® Communication Manager: 10.x,
Resolution: Install 10.1.x SSP30, 10.2.x SSP9 or later - Avaya Aura® Device Services: 10.x,
Resolution: Install 10.x SSP11 or later - Avaya Aura® Experience Portal: 8.x,
Resolution: Install 8.x Latest Security Updates - Avaya Aura® Session Border Controller for Enterprise: 10.x,
Resolution: Pending - Avaya Aura® Session Manager: 10.x,
Resolution: Install 10.1 SSP31, 10.2 SSP9 or later - Avaya Aura® System Manager: 10.x,
Resolution: Install 10.1 SSP31, 10.2 SSP9 or later
|
libxml2 security update (RHSA-2025:12450)
(Issued: 07/31/2025) | CVE-2025-7425
| High | - Avaya Aura® Application Enablement Services: 10.x,
Resolution: Pending - Avaya Aura® CMS: R21.x, R20.x,
Resolution: Pending - Avaya Aura® Communication Manager: 10.x,
Resolution: Pending - Avaya Aura® Device Services: 10.x,
Resolution: Pending - Avaya Aura® Experience Portal: 8.x,
Resolution: Pending - Avaya Aura® Session Border Controller for Enterprise: 10.x,
Resolution: Pending - Avaya Aura® Session Manager: 10.x,
Resolution: Pending - Avaya Aura® System Manager: 10.x,
Resolution: Pending
|
unbound security update (RHSA-2025:11884)
(Issued: 07/28/2025) | CVE-2025-5994
| High | - Avaya Aura® Application Enablement Services: 10.x,
Resolution: Pending - Avaya Aura® CMS: R21.x, R20.x,
Resolution: Pending - Avaya Aura® Communication Manager: 10.x,
Resolution: Pending - Avaya Aura® Device Services: 10.x,
Resolution: Pending - Avaya Aura® Experience Portal: 8.x,
Resolution: Pending - Avaya Aura® Session Border Controller for Enterprise: 10.x,
Resolution: Pending - Avaya Aura® Session Manager: 10.x,
Resolution: Pending - Avaya Aura® System Manager: 10.x,
Resolution: Pending
|
kernel security update (RHSA-2025:11850)
(Issued: 07/28/2025) | CVE-2022-49977
CVE-2025-21905
CVE-2025-21919
| High | - Avaya Aura® Application Enablement Services: 10.x,
Resolution: Pending - Avaya Aura® CMS: R21.x, R20.x,
Resolution: Pending - Avaya Aura® Communication Manager: 10.x,
Resolution: Pending - Avaya Aura® Device Services: 10.x,
Resolution: Pending - Avaya Aura® Experience Portal: 8.x,
Resolution: Pending - Avaya Aura® Session Border Controller for Enterprise: 10.x,
Resolution: Pending - Avaya Aura® Session Manager: 10.x,
Resolution: Pending - Avaya Aura® System Manager: 10.x,
Resolution: Pending
|
perl security update (RHSA-2025:11805)
(Issued: 07/28/2025) | CVE-2025-40909
| Medium | - Avaya Aura® Application Enablement Services: 10.x,
Resolution: Pending - Avaya Aura® CMS: R21.x, R20.x,
Resolution: Pending - Avaya Aura® Communication Manager: 10.x,
Resolution: Pending - Avaya Aura® Device Services: 10.x,
Resolution: Pending - Avaya Aura® Experience Portal: 8.x,
Resolution: Pending - Avaya Aura® Session Border Controller for Enterprise: 10.x,
Resolution: Pending - Avaya Aura® Session Manager: 10.x,
Resolution: Pending - Avaya Aura® System Manager: 10.x,
Resolution: Pending
|
nodejs:22 security update (RHSA-2025:11803)
(Issued: 07/28/2025) | CVE-2025-6965
| High | - Avaya Aura® Experience Portal: 8.x,
Resolution: Pending
|
firefox security update (RHSA-2025:11747)
(Issued: 07/24/2025) | CVE-2025-8027
CVE-2025-8028
CVE-2025-8029
CVE-2025-8030
CVE-2025-8031
CVE-2025-8032
CVE-2025-8033
CVE-2025-8034
CVE-2025-8035
| High | - Avaya Aura® Experience Portal: 8.x,
Resolution: Pending
|
Avaya software-only products operate on general-purpose operating systems. Occasionally, vulnerabilities may be discovered in the underlying operating system or applications that come with the operating system. These vulnerabilities may not impact the software-only product directly but may threaten the integrity of the underlying platform.
In the event an affected package is installed, review the Avaya product software-only RPM updates documentation before following the mitigation actions provided by the operating system vendor. DO NOT install Security Service Packs (SSP) on software-only products. Failure to follow these requirements may result in system breakage and may impact support agreements.
Avaya strongly recommends following networking and security best practices by implementing firewalls, ACLs, physical security or other appropriate access restrictions. Though Avaya believes such restrictions should always be in place, risk to Avaya products and the surrounding network from this potential vulnerability may be mitigated by ensuring these practices are implemented until such time as an Avaya provided product update or the recommended Avaya action is applied. Further restrictions as deemed necessary based on the customer's security policies may be required during this interim period, but the System Product operating system or application should not be modified unless the change is approved by Avaya. Making changes that are not approved may void the Avaya product service contract.
All information is believed to be correct at the time of publication, is provided "as is", and is applicable only to product versions eligible for manufacturer support in accordance with Avaya Product Life Cycle Policy. Avaya LLC., on behalf itself and its subsidiaries and affiliates (hereinafter collectively referred to as "Avaya"), disclaims all warranties, either extras or implied, including but not limited to the warranties of merchantability and fitness for a particular purpose and furthermore, Avaya makes no representations or warranties that the steps recommended will eliminate security or virus threats to customers' systems. In no event shall Avaya be liable for any damages whatsoever arising out of or in connection with the information or recommended action provided herein, including direct, indirect, incidental, statutory , consequential damages, loss of business profits or special damages, even if Avaya has been advised of the possibility of such damages.
The information provided here does not affect the support agreements in place for Avaya products. Support for Avaya products continues to be executed as per existing agreements with Avaya.
© 2025 Avaya Inc. All Rights Reserved. All trademarks identifying Avaya products by the ® or ™ are registered trademarks or trademarks, respectively, of Avaya Inc. All other trademarks are the property of their respective owners.