CVE-2021-25655

MEDIUM

Avaya Aura Experience Portal 7.0-7.2.3 and 8.0.0 - URL Redirection to Untrusted Site via Service Menu Component

Title source: llm
STIX 2.1

Description

A vulnerability in the system Service Menu component of Avaya Aura Experience Portal may allow URL Redirection to any untrusted site through a crafted attack. Affected versions include 7.0 through 7.2.3 (without hotfix) and 8.0.0 (without hotfix).

References (1)

Core 1
Core References
Patch, Vendor Advisory x_refsource_misc
https://downloads.avaya.com/css/P8/documents/101076234

Scores

CVSS v3 4.4
EPSS 0.0038
EPSS Percentile 29.7%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L

Details

CWE
CWE-601
Status published
Products (2)
avaya/aura_experience_portal 8.0.0
avaya/aura_experience_portal 7.0 - 7.2.3
Published Jun 24, 2021
Tracked Since Feb 18, 2026