CVE-2023-7031

CWE-200Information ExposureCWE-639Insecure Direct Object Reference3 documents3 sources
Severity
4.3MEDIUM
EPSS
0.1%
top 78.06%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Avaya Aura Experience PortalAvaya Experience Portal Manager
Timeline
PublishedJan 17

Description

Insecure Direct Object Reference vulnerabilities were discovered in the Avaya Aura Experience Portal Manager which may allow partial information disclosure to an authenticated non-privileged user. Affected versions include 8.0.x and 8.1.x, prior to 8.1.2 patch 0402. Versions prior to 8.0 are end of manufacturer support.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:NExploitability: 2.1 | Impact: 3.6

Affected Packages2 packages

NVDavaya/aura_experience_portal8.0.08.1.2.0.0402

🔴Vulnerability Details

2
CVEList
Avaya Experience Portal Manager Insecure Direct Object Reference Vulnerabilities2024-01-17
GHSA
GHSA-5m34-qpjq-hjhf: Insecure Direct Object Reference vulnerabilities were discovered in the Avaya Aura Experience Portal Manager which may allow partial information discl2024-01-17
CVE-2023-7031 (MEDIUM CVSS 4.3) | Insecure Direct Object Reference vu | cvebase.io