PT-2021-16732 · Avaya · Avaya Aura Experience Portal

Hieu Tran

Published

2021-06-24

Updated

2021-06-30

CVE-2021-25655

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Avaya Aura Experience Portal versions 7.0 through 7.2.3 Avaya Aura Experience Portal version 8.0.0

Description A vulnerability in the system Service Menu component of Avaya Aura Experience Portal may allow URL Redirection to any untrusted site through a crafted attack.

Recommendations For Avaya Aura Experience Portal versions 7.0 through 7.2.3, apply the hotfix to resolve the issue. For Avaya Aura Experience Portal version 8.0.0, apply the hotfix to resolve the issue.

Fix

Open Redirect

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-601

Related Identifiers

CVE-2021-25655

Affected Products

Avaya Aura Experience Portal

PT-2021-16732 · Avaya · Avaya Aura Experience Portal

CVE-2021-25655

Weakness Enumeration

Related Identifiers

Affected Products

References · 4