Vulnerability Details CVE-2023-7031
Insecure Direct Object Reference vulnerabilities were discovered in the Avaya Aura Experience Portal Manager which may allow partial information disclosure to an authenticated non-privileged user. Affected versions include 8.0.x and 8.1.x, prior to 8.1.2 patch 0402. Versions prior to 8.0 are end of manufacturer support.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 19.7%
CVSS Severity
CVSS v3 Score 5.7
References
Products affected by CVE-2023-7031
-
cpe:2.3:a:avaya:aura_experience_portal:8.0.0
-
cpe:2.3:a:avaya:aura_experience_portal:8.0.0.0.1217
-
cpe:2.3:a:avaya:aura_experience_portal:8.1.0
-
cpe:2.3:a:avaya:aura_experience_portal:8.1.0.0.0233
-
cpe:2.3:a:avaya:aura_experience_portal:8.1.1.0.0122
-
cpe:2.3:a:avaya:aura_experience_portal:8.1.2.0.0202
-
cpe:2.3:a:avaya:aura_experience_portal:8.1.2.0.0328
-
cpe:2.3:a:avaya:aura_experience_portal:8.1.2.0.0347
-
cpe:2.3:a:avaya:aura_experience_portal:8.1.2.0.0360
-
cpe:2.3:a:avaya:aura_experience_portal:8.1.2.0.0374
-
cpe:2.3:a:avaya:aura_experience_portal:8.1.2.0.0377
-
cpe:2.3:a:avaya:aura_experience_portal:8.1.2.0.0394
-
cpe:2.3:a:avaya:aura_experience_portal:8.1.2.0.0399