← Back

Aura Experience Portal

aura_experience_portal

Vendor: Avaya • 4 CVEs

CVEs (4)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2023-7031
1Avaya
1Aura Experience Portal
Nov 21, 2024
Jan 17, 2024
N/A· v4
4.3 MEDIUM· v3
N/A· v2
Insecure Direct Object Reference vulnerabilities were discovered in the Avaya Aura Experience Portal Manager which may allow partial information disclosure to an authenticated non-privileged user. Affected versions inclu...Show more
Insecure Direct Object Reference vulnerabilities were discovered in the Avaya Aura Experience Portal Manager which may allow partial information disclosure to an authenticated non-privileged user. Affected versions include 8.0.x and 8.1.x, prior to 8.1.2 patch 0402. Versions prior to 8.0 are end of manufacturer support.Show less
CVE-2021-25656
1Avaya
1Aura Experience Portal
Nov 21, 2024
Jun 24, 2021
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
Stored XSS injection vulnerabilities were discovered in the Avaya Aura Experience Portal Web management which could allow an authenticated user to potentially disclose sensitive information. Affected versions include 7.0...Show more
Stored XSS injection vulnerabilities were discovered in the Avaya Aura Experience Portal Web management which could allow an authenticated user to potentially disclose sensitive information. Affected versions include 7.0 through 7.2.3 (without hotfix) and 8.0.0 (without hotfix).Show less
CVE-2021-25655
1Avaya
1Aura Experience Portal
Nov 21, 2024
Jun 24, 2021
N/A· v4
6.1 MEDIUM· v3
5.8 MEDIUM· v2
A vulnerability in the system Service Menu component of Avaya Aura Experience Portal may allow URL Redirection to any untrusted site through a crafted attack. Affected versions include 7.0 through 7.2.3 (without hotfix)...Show more
A vulnerability in the system Service Menu component of Avaya Aura Experience Portal may allow URL Redirection to any untrusted site through a crafted attack. Affected versions include 7.0 through 7.2.3 (without hotfix) and 8.0.0 (without hotfix).Show less
CVE-2016-5285
5Avaya
DebianMozilla+2 more
27Aura Application Enablement Services
Aura Application Server 5300Aura Communication Manager+24 more
Nov 21, 2024
Nov 15, 2019
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
A Null pointer dereference vulnerability exists in Mozilla Network Security Services due to a missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, which could let a remote malicious user cause a...Show more
A Null pointer dereference vulnerability exists in Mozilla Network Security Services due to a missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, which could let a remote malicious user cause a Denial of Service.Show less