Описание
Insecure Direct Object Reference vulnerabilities were discovered in the Avaya Aura Experience Portal Manager which may allow partial information disclosure to an authenticated non-privileged user. Affected versions include 8.0.x and 8.1.x, prior to 8.1.2 patch 0402. Versions prior to 8.0 are end of manufacturer support.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 8.0.0 (включая) до 8.1.2.0.0402 (исключая)
cpe:2.3:a:avaya:aura_experience_portal:*:*:*:*:*:*:*:*
EPSS
Процентиль: 22%
0.00072
Низкий
5.7 Medium
CVSS3
4.3 Medium
CVSS3
Дефекты
CWE-200
CWE-639
Связанные уязвимости
CVSS3: 5.7
github
около 2 лет назад
Insecure Direct Object Reference vulnerabilities were discovered in the Avaya Aura Experience Portal Manager which may allow partial information disclosure to an authenticated non-privileged user. Affected versions include 8.0.x and 8.1.x, prior to 8.1.2 patch 0402. Versions prior to 8.0 are end of manufacturer support.
EPSS
Процентиль: 22%
0.00072
Низкий
5.7 Medium
CVSS3
4.3 Medium
CVSS3
Дефекты
CWE-200
CWE-639