Shelby Spencer

Researcher fromFusionX
#10761of 53,633
25.6Total CVSS
Vulnerabilities · 4
Medium
2
High
2
PT-2021-3463
7.8
2021-06-25
Avaya · Avaya Aura Device Services · CVE-2021-25654
**Name of the Vulnerable Software and Affected Versions** Avaya Aura Device Services versions 7.0 through 8.1.4.0 **Description** An arbitrary code execution issue was discovered in Avaya Aura Device Services, potentially allowing a local user to execute specially crafted scripts. The vulnerability is related to the creation of temporary files with insecure permissions. **Recommendations** For versions 7.0 through 8.1.4.0, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2021-16730
5.5
2021-06-24
Avaya · Avaya Aura Appliance Virtualization Platform Utilities · CVE-2021-25652
**Name of the Vulnerable Software and Affected Versions** Avaya Aura Appliance Virtualization Platform Utilities (AVPU) versions 8.0.0.0 through 8.1.3.1 **Description** An information disclosure issue was discovered in the directory and file management of AVPU, potentially allowing any local user to access system functionality and configuration information that should only be available to a privileged user. **Recommendations** For versions 8.0.0.0 through 8.1.3.1, update to a version that contains a fix for this issue to prevent unauthorized access to system functionality and configuration information.
PT-2021-16731
8.0
2021-06-24
Avaya · Avaya Aura Appliance Virtualization Platform Utilities · CVE-2021-25653
**Name of the Vulnerable Software and Affected Versions** Avaya Aura Appliance Virtualization Platform Utilities (AVPU) versions 8.0.0.0 through 8.1.3.1 **Description** A privilege escalation issue was discovered that may allow a local user to escalate privileges. **Recommendations** For versions 8.0.0.0 through 8.1.3.1, at the moment, there is no information about a newer version that contains a fix for this issue.
PT-2021-19601
4.3
2021-06-10
Annex Cloud · Annex Cloud Loyalty Experience Platform · CVE-2021-31927
Name of the Vulnerable Software and Affected Versions: Annex Cloud Loyalty Experience Platform versions prior to 2021.1.0.2 Description: The issue is related to an Insecure Direct Object Reference (IDOR) that allows any authenticated attacker to modify existing users, including those assigned to different environments and clients. Recommendations: For versions prior to 2021.1.0.2, update to version 2021.1.0.2 or later to resolve the issue.