CVE-2023-7031

Insecure Direct Object Reference vulnerabilities were discovered in the Avaya Aura Experience Portal Manager which may allow partial information disclosure to an authenticated non-privileged user. Affected versions include 8.0.x and 8.1.x, prior to 8.1.2 patch 0402. Versions prior to 8.0 are end of manufacturer support.
Configurations

Configuration 1 (hide)

cpe:2.3:a:avaya:aura_experience_portal:*:*:*:*:*:*:*:*

History

21 Nov 2024, 08:45

Type Values Removed Values Added
References () https://support.avaya.com/css/public/documents/101088063 - Vendor Advisory () https://support.avaya.com/css/public/documents/101088063 - Vendor Advisory
CVSS v2 : unknown
v3 : 4.3
v2 : unknown
v3 : 5.7

25 Jan 2024, 16:32

Type Values Removed Values Added
References () https://support.avaya.com/css/public/documents/101088063 - () https://support.avaya.com/css/public/documents/101088063 - Vendor Advisory
CWE CWE-639
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 4.3
CPE cpe:2.3:a:avaya:aura_experience_portal:*:*:*:*:*:*:*:*

17 Jan 2024, 19:22

Type Values Removed Values Added
New CVE

Information

Published : 2024-01-17 19:15

Updated : 2024-11-21 08:45


NVD link : CVE-2023-7031

Mitre link : CVE-2023-7031

CVE.ORG link : CVE-2023-7031


JSON object : View

Products Affected

avaya

  • aura_experience_portal
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

CWE-639

Authorization Bypass Through User-Controlled Key