System Manager in Avaya Aura before 7.1.2 does not properly use SSL in conjunction with authentication, which allows remote attackers to bypass intended Remote Method Invocation (RMI) restrictions, aka SMGR-26896.Referenceshttp://www.securitytracker.com/id/1040329https://downloads.avaya.com/css/P8/documents/101038598http://www.securityfocus.com/bid/102940
