CVE-2021-25652

MEDIUM

Avaya Aura Appliance Virtualization Platform - Information Disclosure

Title source: rule

Description

An information disclosure vulnerability was discovered in the directory and file management of Avaya Aura Appliance Virtualization Platform Utilities (AVPU). This vulnerability may potentially allow any local user to access system functionality and configuration information that should only be available to a privileged user. Affects versions 8.0.0.0 through 8.1.3.1 of AVPU.

References (1)

[Vendor Advisory] https://support.avaya.com/css/P8/documents/101076479

Scores

CVSS v3 4.9

EPSS 0.0015

EPSS Percentile 35.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-200 CWE-668

Status published

Affected Products (1)

avaya/aura_appliance_virtualization_platform < 8.1.3.1

Timeline

Published Jun 24, 2021

Tracked Since Feb 18, 2026