PT-2024-15184 · Avaya · Avaya Aura Experience Portal Manager
Aamir Rehman Yousafzai
·
Published
2024-01-17
·
Updated
2024-01-25
·
CVE-2023-7031
CVSS v3.1
5.7
Medium
| Vector | AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Avaya Aura Experience Portal Manager versions 8.0.x through 8.1.x prior to 8.1.2 patch 0402
Avaya Aura Experience Portal Manager versions prior to 8.0
Description
Insecure Direct Object Reference vulnerabilities were discovered in the Avaya Aura Experience Portal Manager, which may allow partial information disclosure to an authenticated non-privileged user.
Recommendations
For Avaya Aura Experience Portal Manager versions 8.0.x through 8.1.x prior to 8.1.2 patch 0402, apply patch 0402 to resolve the issue.
For Avaya Aura Experience Portal Manager versions prior to 8.0, consider upgrading to a supported version, as these versions are end of manufacturer support.
Fix
IDOR
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Avaya Aura Experience Portal Manager