Greatly appreciate you taking advantage of the IAUG forums.
I'm Martin Walker, product manager for Avaya Aura Contact Center.
I've discussed with Engineering and Avaya is reviewing the issue.
@ Gregory Knott, we will be in contact with you directly.
And following normal procedures, we'll publish updates via Product Support Notice process in due course.
------------------------------
Martin Walker Avaya
Product Manager
Avaya
Galway
------------------------------
Original Message:
Sent: 04-04-2024 03:17 AM
From: Gregory Knott
Subject: Avaya Aura Contact Center - CCS CCT API SDK
Avaya is refusing to update product SDK which has 47 security vulnerabilities.
I recommend to move away from Avaya contact center solutions.
jackson-databind vulnerabilities
CVE-2017-17485
CVE-2018-11307
CVE-2018-14719
CVE-2018-7489
CVE-2019-14379
CVE-2019-16942
CVE-2019-17267
CVE-2020-9547
CVE-2020-9548
CVE-2018-12022
CVE-2018-5968
CVE-2019-12086
CVE-2020-10650
CVE-2020-24616
CVE-2020-35490
CVE-2020-35491
CVE-2020-35728
CVE-2020-36184
CVE-2020-36185
CVE-2020-36186
CVE-2020-36187
CVE-2020-36518
CVE-2022-42003
CVE-2022-42004
------------------------------
Gregory Knott
Investec
Sandown
------------------------------