CVE-2021-25655

MEDIUM

Avaya Aura Experience Portal < 7.2.3 - Open Redirect

Title source: rule

Description

A vulnerability in the system Service Menu component of Avaya Aura Experience Portal may allow URL Redirection to any untrusted site through a crafted attack. Affected versions include 7.0 through 7.2.3 (without hotfix) and 8.0.0 (without hotfix).

References (1)

[Patch, Vendor Advisory] https://downloads.avaya.com/css/P8/documents/101076234

Scores

CVSS v3 4.4

EPSS 0.0012

EPSS Percentile 30.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L

Classification

CWE

CWE-601

Status published

Affected Products (2)

avaya/aura_experience_portal < 7.2.3

avaya/aura_experience_portal

Timeline

Published Jun 24, 2021

Tracked Since Feb 18, 2026