CVE-2021-25652
MEDIUMAvaya Aura Appliance Virtualization Platform 8.0.0.0-8.1.3.1 - Unauthorized Information Disclosure
Title source: llmDescription
An information disclosure vulnerability was discovered in the directory and file management of Avaya Aura Appliance Virtualization Platform Utilities (AVPU). This vulnerability may potentially allow any local user to access system functionality and configuration information that should only be available to a privileged user. Affects versions 8.0.0.0 through 8.1.3.1 of AVPU.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://support.avaya.com/css/P8/documents/101076479
Scores
CVSS v3
4.9
EPSS
0.0070
EPSS Percentile
48.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-200
CWE-668
Status
published
Products (1)
avaya/aura_appliance_virtualization_platform
8.0.0.0 - 8.1.3.1
Published
Jun 24, 2021
Tracked Since
Feb 18, 2026