Vulnerabilities > Avaya > Aura Experience Portal

DATE CVE VULNERABILITY TITLE RISK
2024-01-17 CVE-2023-7031 Authorization Bypass Through User-Controlled Key vulnerability in Avaya Aura Experience Portal
Insecure Direct Object Reference vulnerabilities were discovered in the Avaya Aura Experience Portal Manager which may allow partial information disclosure to an authenticated non-privileged user.
network
low complexity
avaya CWE-639
4.3
2021-06-24 CVE-2021-25655 Open Redirect vulnerability in Avaya Aura Experience Portal 7.1/8.0.0
A vulnerability in the system Service Menu component of Avaya Aura Experience Portal may allow URL Redirection to any untrusted site through a crafted attack.
network
low complexity
avaya CWE-601
6.1
2021-06-24 CVE-2021-25656 Cross-site Scripting vulnerability in Avaya Aura Experience Portal 7.1/8.0.0
Stored XSS injection vulnerabilities were discovered in the Avaya Aura Experience Portal Web management which could allow an authenticated user to potentially disclose sensitive information.
network
low complexity
avaya CWE-79
5.4
2019-11-15 CVE-2016-5285 NULL Pointer Dereference vulnerability in multiple products
A Null pointer dereference vulnerability exists in Mozilla Network Security Services due to a missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, which could let a remote malicious user cause a Denial of Service.
network
low complexity
mozilla debian redhat suse avaya CWE-476
7.5