Vulnerabilities > CVE-2021-25652 - Exposure of Resource to Wrong Sphere vulnerability in Avaya Aura Appliance Virtualization Platform 8.0.0.0/8.1.3.1

047910
CVSS 5.5 - MEDIUM
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
NONE
local
low complexity
avaya
CWE-668

Summary

An information disclosure vulnerability was discovered in the directory and file management of Avaya Aura Appliance Virtualization Platform Utilities (AVPU). This vulnerability may potentially allow any local user to access system functionality and configuration information that should only be available to a privileged user. Affects versions 8.0.0.0 through 8.1.3.1 of AVPU.

Common Weakness Enumeration (CWE)