CVE-2023-7031
Avaya Experience Portal Manager Insecure Direct Object Reference Vulnerabilities
Severity Score
4.3
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track
*SSVC
Descriptions
Insecure Direct Object Reference vulnerabilities were discovered in the Avaya Aura Experience Portal Manager which may allow partial information disclosure to an authenticated non-privileged user. Affected versions include 8.0.x and 8.1.x, prior to 8.1.2 patch 0402. Versions prior to 8.0 are end of manufacturer support.
Se descubrieron vulnerabilidades de referencia directa de objetos inseguros en Avaya Aura Experience Portal Manager que pueden permitir la divulgación parcial de información a un usuario autenticado sin privilegios. Las versiones afectadas incluyen 8.0.x y 8.1.x, anteriores al parche 0402 8.1.2. Las versiones anteriores a 8.0 finalizan el soporte del fabricante.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-12-20 CVE Reserved
- 2024-01-17 CVE Published
- 2024-01-26 EPSS Updated
- 2024-09-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
- CWE-639: Authorization Bypass Through User-Controlled Key
CAPEC
- CAPEC-180: Exploiting Incorrectly Configured Access Control Security Levels
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://support.avaya.com/css/public/documents/101088063 | 2024-01-25 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Avaya Search vendor "Avaya" | Aura Experience Portal Search vendor "Avaya" for product "Aura Experience Portal" | >= 8.0.0 < 8.1.2.0.0402 Search vendor "Avaya" for product "Aura Experience Portal" and version " >= 8.0.0 < 8.1.2.0.0402" | - |
Affected
| ||||||