Information disclosure

2024-01-1719:15:00

PRIOn knowledge base

www.prio-n.com

information disclosure

avaya aura

vulnerabilities

non-privileged users

6.7 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

14.1%

JSON

Insecure Direct Object Reference vulnerabilities were discovered in the Avaya Aura Experience Portal Manager which may allow partial information disclosure to an authenticated non-privileged user. Affected versions include 8.0.x and 8.1.x, prior to 8.1.2 patch 0402. Versions prior to 8.0 are end of manufacturer support.

CPENameOperatorVersion
aura_experience_portalge8.0.0
aura_experience_portallt8.1.2.0.0402

CPE	Name	Operator	Version
	aura_experience_portal	ge	8.0.0
	aura_experience_portal	lt	8.1.2.0.0402

References

support.avaya.com/css/public/documents/101088063