Lucene search

AvayaCVELIST:CVE-2021-25652

HistoryJun 24, 2021 - 8:55 a.m.

CVE-2021-25652 Avaya Aura Appliance Virtualization Platform Utilities Sensitive Information Disclosure Vulnerability

2021-06-2408:55:28

CWE-200

avaya

www.cve.org

4.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

5.4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

An information disclosure vulnerability was discovered in the directory and file management of Avaya Aura Appliance Virtualization Platform Utilities (AVPU). This vulnerability may potentially allow any local user to access system functionality and configuration information that should only be available to a privileged user. Affects versions 8.0.0.0 through 8.1.3.1 of AVPU.

CNA Affected

[
  {
    "product": "Avaya Aura Appliance Virtualization Platform Utilities",
    "vendor": "Avaya",
    "versions": [
      {
        "lessThanOrEqual": "8.1.3.1",
        "status": "affected",
        "version": "8.0.0.0",
        "versionType": "custom"
      }
    ]
  }
]

References

support.avaya.com/css/P8/documents/101076479

4.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

5.4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVELIST:CVE-2021-25652