{"cve":{"cve_id":"CVE-2018-15610","is_kev":false,"kev_date_added":null,"kev_vendor_project":null,"kev_product":null,"kev_vulnerability_name":null,"kev_short_description":null,"kev_required_action":null,"kev_due_date":null,"kev_known_ransomware":null,"kev_notes":null,"kev_cwes":null,"epss_score":0.01845,"epss_percentile":0.76271,"epss_as_of":"2026-06-23","description":"A vulnerability in the one-X Portal component of Avaya IP Office allows an authenticated attacker to read and delete arbitrary files on the system. Affected versions of Avaya IP Office include 9.1 through 9.1 SP12, 10.0 through 10.0 SP7, and 10.1 through 10.1 SP2.","published_at":"2018-09-12T21:00:00Z","last_modified_at":null,"cvss_v3_score":7.3,"cvss_v3_vector":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H","cvss_v3_severity":"HIGH","cvss_v4_score":null,"cvss_v4_vector":null,"cvss_v4_severity":null,"ssvc_decision":null,"ssvc_exploitation":null,"ssvc_automatable":null,"ssvc_technical_impact":null,"cwes":["CWE-284"],"nvd_references":["https://downloads.avaya.com/css/P8/documents/101051984","https://packetstormsecurity.com/files/149284/Avaya-one-X-9.x-10.0.x-10.1.x-Arbitrary-File-Disclosure-Deletion.html"],"vuln_status":null,"trending_score":null,"is_trending":false,"has_trended":false,"trended_number_one":false,"trending_peak_score":null,"trending_peak_rank":null,"started_trending_at":null,"trended_number_one_at":null,"summary_generated":null,"summary_generated_at":null,"summary_model":null,"created_at":"2026-06-24T00:09:39.878444Z","updated_at":"2026-06-28T23:10:53.568548Z"},"effective_severity":"HIGH","badges":[],"impact_analysis":[],"cvss_v3_decoded":{"version":"3.0","metrics":[{"metric":"AV","name":"Attack Vector","value":"N","value_label":"Network"},{"metric":"AC","name":"Attack Complexity","value":"L","value_label":"Low"},{"metric":"PR","name":"Privileges Required","value":"L","value_label":"Low"},{"metric":"UI","name":"User Interaction","value":"R","value_label":"Required"},{"metric":"S","name":"Scope","value":"U","value_label":"Unchanged"},{"metric":"C","name":"Confidentiality","value":"H","value_label":"High"},{"metric":"I","name":"Integrity","value":"N","value_label":"None"},{"metric":"A","name":"Availability","value":"H","value_label":"High"}]},"cvss_v4_decoded":{"version":null,"metrics":[]},"affected":[{"vendor_slug":"avaya","vendor_name":"Avaya","product_slug":"ip-office","product_name":"IP Office","version_start":"9.1 through 9.1 SP12, 10.0 through 10.0 SP7, and 10.1 through 10.1 SP2","version_start_inclusive":true,"version_end":"9.1 through 9.1 SP12, 10.0 through 10.0 SP7, and 10.1 through 10.1 SP2","version_end_inclusive":true,"cpe23_uri":"cve5:avaya:ip-office:9.1 through 9.1 SP12, 10.0 through 10.0 SP7, and 10.1 through 10.1 SP2:9.1 through 9.1 SP12, 10.0 through 10.0 SP7, and 10.1 through 10.1 SP2"}],"exploit_refs":[],"news":[],"references":[{"url":"https://downloads.avaya.com/css/P8/documents/101051984","source_type":"MISC","tags":[]},{"url":"https://packetstormsecurity.com/files/149284/Avaya-one-X-9.x-10.0.x-10.1.x-Arbitrary-File-Disclosure-Deletion.html","source_type":"EXPLOIT","tags":["exploit"]}],"timeline":[{"type":"published","at":"2018-09-12T21:00:00Z","label":"CVE published","source":null},{"type":"cvss_changed","at":"2026-06-28T16:57:42.003620Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T16:57:42.003620Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T16:57:42.003620Z","label":"CVSS score revised","source":"cvelistv5"}]}