A CSRF vulnerability in the Runtime Config component of Avaya Aura® Orchestration Designer could allow an attacker to add, change, or remove administrative settings. Affected versions of Avaya Aura® Orchestration Designer include all versions up to 7.2.1.