Vulnerabilities (CVE)

Filtered by vendor Avaya Subscribe
Filtered by product Aura Experience Portal
Total 4 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-7031 1 Avaya 1 Aura Experience Portal 2024-11-21 N/A 5.7 MEDIUM
Insecure Direct Object Reference vulnerabilities were discovered in the Avaya Aura Experience Portal Manager which may allow partial information disclosure to an authenticated non-privileged user. Affected versions include 8.0.x and 8.1.x, prior to 8.1.2 patch 0402. Versions prior to 8.0 are end of manufacturer support.
CVE-2021-25656 1 Avaya 1 Aura Experience Portal 2024-11-21 3.5 LOW 5.3 MEDIUM
Stored XSS injection vulnerabilities were discovered in the Avaya Aura Experience Portal Web management which could allow an authenticated user to potentially disclose sensitive information. Affected versions include 7.0 through 7.2.3 (without hotfix) and 8.0.0 (without hotfix).
CVE-2021-25655 1 Avaya 1 Aura Experience Portal 2024-11-21 5.8 MEDIUM 4.4 MEDIUM
A vulnerability in the system Service Menu component of Avaya Aura Experience Portal may allow URL Redirection to any untrusted site through a crafted attack. Affected versions include 7.0 through 7.2.3 (without hotfix) and 8.0.0 (without hotfix).
CVE-2016-5285 5 Avaya, Debian, Mozilla and 2 more 32 Aura Application Enablement Services, Aura Application Server 5300, Aura Communication Manager and 29 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
A Null pointer dereference vulnerability exists in Mozilla Network Security Services due to a missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, which could let a remote malicious user cause a Denial of Service.