CVE-2022-38168

Name of the Vulnerable Software and Affected Versions Avaya Scopia Pathfinder 10 and 20 PTS version 8.3.7.0.4

Description The issue allows remote unauthenticated attackers to bypass the login page, access sensitive information, and reset user passwords via URL modification. This is a result of broken access control in user authentication.

Recommendations For Avaya Scopia Pathfinder 10 and 20 PTS version 8.3.7.0.4, consider restricting access to sensitive information and user password reset functionality until a patch is available. As a temporary workaround, monitor URL modifications to detect potential unauthorized access. At the moment, there is no information about a newer version that contains a fix for this vulnerability.