From 1cb04b140f6fd771c05414a37abf11c5395ccae8 Mon Sep 17 00:00:00 2001
From: Brendan McDevitt
Date: Fri, 20 May 2022 17:53:05 -0500
Subject: [PATCH] added avaya captured data potential example
---
.../cnas_with_html_advisories.md | 54 +++++++++++++++++++
1 file changed, 54 insertions(+)
diff --git a/doc/cna_readme_notes/cnas_with_html_advisories.md b/doc/cna_readme_notes/cnas_with_html_advisories.md
index fb4fa83..3c0b0f1 100644
--- a/doc/cna_readme_notes/cnas_with_html_advisories.md
+++ b/doc/cna_readme_notes/cnas_with_html_advisories.md
@@ -211,6 +211,60 @@ https://www.autodesk.com/trust/security-advisories ### Advisory https://support.avaya.com/security #### Captured Data Potential From Advisory
+```
+{
+ :bulletin_id => 'ASA-2017-350',
+ :overview => 'PostgreSQL is an advanced object-relational database management system (DBMS). Privilege escalation flaws were found in the initialization scripts of PostgreSQL. An attacker with access to the postgres user account could use these flaws to obtain root access on the server machine. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2017-12172 and CVE-2017-15097 to these issues. More information about these vulnerabilities can be found in the security advisory issued by Red Hat: https://access.redhat.com/errata/RHSA-2017:3402',
+ :affected_packages => [
+ {
+ :product => 'Avaya Aura® Application Enablement Services',
+ :versions => '7.1.0.0 through 7.1.2.0',
+ :resolution => 'Upgrade to 7.1.3.0 or later',
+ :information => 'The risk is mitigated because only administrative users have access to the database by default.'
+ },
+ {
+ :product => 'Avaya Aura® Utility Services',
+ :versions => '7.1.0.0 through 7.1.2.0',
+ :resolution => 'Upgrade to 7.1.3.0 or later',
+ :information => 'The risk is mitigated because only administrative users have access to the database by default.'
+ }
+ ],
+ :cvss_3.0_scoring_and_metrics => [
+ {
+ :vulnerability => 'CVE-2017-12172',
+ :cvssv3_base_score => '6.5 (Medium)',
+ :cvssv3_metrics => 'CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H',
+ },
+ {
+ :vulnerability => 'CVE-2017-15097',
+ :cvssv3_base_score => '6.5 (Medium)',
+ :cvssv3_metrics => 'CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H'
+ }
+ ],
+ :avaya_software_only_products => [
+ {
+ :product => 'Avaya Aura® Application Enablement Services',
+ :actions => 'Depending on the Operating System installed, the affected package may be installed on the underlying Operating System supporting the AES application.'
+ },
+ {
+ :product => 'Oceanalytics Elite',
+ :actions => 'Depending on the Operating System installed, the affected package may be installed on the underlying Operating System supporting the application.'
+ }
+ ],
+ :revision_history => [
+ {
+ :version => '1.0',
+ :date => 'December 18, 2017',
+ :description => 'Initial Statement issued.',
+ },
+ {
+ :version => '2.0',
+ :date => 'August 29, 2018',
+ :description => 'Updated versions and resolution for all products and set advisory status to Final.'
+ }
+ ]
+}
+```
 ## Becton, Dickinson and Company (BD) ### Advisory