Multiple unspecified vulnerabilities in the web management interface in Avaya Communication Manager (CM) 3.1.x, 4.0.3, and 5.x allow remote attackers to read (1) configuration files, (2) log files, (3) binary image files, and (4) help files via unknown vectors.
https://exchange.xforce.ibmcloud.com/vulnerabilities/45750
http://www.vupen.com/english/advisories/2008/2774
http://www.voipshield.com/research-details.php?id=123
http://www.securityfocus.com/bid/31639
http://support.avaya.com/elmodocs2/security/ASA-2008-394.htm