Security Advisories

Ava-640 Preliminary vulnerability advisory
Release Date 9 May 2022. Overview Ava Security have found a vulnerability in the Ava Aware software and are resolving the issue. Further details relatin...
Mon, 9 May, 2022 at 7:16 PM
Ava-625: Denial of service of Ava Aware Cloud by uploading large map
Release Date 28th Apr 2022. Overview Ava Aware Cloud would restart if a user uploaded a large map to the map view. Affected Products Ava Aware: All S...
Thu, 28 Apr, 2022 at 11:37 AM
Ava-627: Possible to continue watching video outside specified range with external link
Release Date 22nd April 2022. Overview It was possible to continue watching the video stream past the specified time range shared with an external link. ...
Wed, 20 Apr, 2022 at 3:11 PM
Ava-622: Last IP address used value in external viewers table could be spoofed
Release Date 18th March 2022. Overview It was possible to craft an Ava Aware API request to set the last IP address used value in the table of external v...
Fri, 18 Mar, 2022 at 10:21 AM
Ava-589: Ava Aware servers could be claimed by other deployments
Release Date 14th March 2022. Overview An attacker with access to an Ava Aware deployment could claim servers that belong to another deployment. This vu...
Wed, 16 Mar, 2022 at 3:47 PM
Ava-614: Encrypted footage cloud backup data encryption key appearing in audit logs
Release Date 2nd March 2022. Overview In some circumstances a encrypted version of the footage cloud backup data encryption key can be logged to the inte...
Mon, 14 Mar, 2022 at 5:46 PM
Ava-460: Serial number could be leaked in man-in-the-middle attack
Release Date 14th March 2022. Overview Under specific video streaming circumstances the Aware instance serial number may be leaked during the Ava Smart P...
Mon, 14 Mar, 2022 at 5:46 PM
Ava-602: Permissions not enforced for viewing video in Ava Aware
Release Date 14th March 2022. Overview Any authenticated Ava Aware user could view live video and view historic video from any camera in the deployment r...
Mon, 14 Mar, 2022 at 5:46 PM
Ava-609: Count rules could be deleted without the appropriate permissions
Release Date 14th March 2022. Overview An authenticated Ava Aware user with the permission to delete counting areas could delete associated count rules w...
Mon, 14 Mar, 2022 at 5:45 PM
Ava-449: Possible information disclosure from API
Release Date 22th December 2021. Overview Under specific circumstances, our web service was configured to display detailed error messages. This could hav...
Tue, 1 Feb, 2022 at 10:00 PM