Broken Access Control in User Authentication in Avaya Scopia Pathfinder 10 and 20 PTS version 8.3.7.0.4 allows remote unauthenticated attackers to bypass the login page, access sensitive information, and reset user passwords via URL modification.
References
Link | Resource |
---|---|
https://medium.com/%40rob_nes/avaya-scopia-pathfinder-broken-access-control-ac792e995bae | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
History
07 Nov 2023, 03:50
Type | Values Removed | Values Added |
---|---|---|
Summary | Broken Access Control in User Authentication in Avaya Scopia Pathfinder 10 and 20 PTS version 8.3.7.0.4 allows remote unauthenticated attackers to bypass the login page, access sensitive information, and reset user passwords via URL modification. |
08 Nov 2022, 16:06
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://medium.com/%40rob_nes/avaya-scopia-pathfinder-broken-access-control-ac792e995bae - Exploit, Third Party Advisory | |
CWE | CWE-306 | |
First Time |
Avaya scopia Pathfinder 10 Pts
Avaya scopia Pathfinder 10 Pts Firmware Avaya Avaya scopia Pathfinder 20 Pts Avaya scopia Pathfinder 20 Pts Firmware |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.1 |
CPE | cpe:2.3:h:avaya:scopia_pathfinder_10_pts:-:*:*:*:*:*:*:* cpe:2.3:o:avaya:scopia_pathfinder_10_pts_firmware:8.3.7.0.4:*:*:*:*:*:*:* cpe:2.3:o:avaya:scopia_pathfinder_20_pts_firmware:8.3.7.0.4:*:*:*:*:*:*:* cpe:2.3:h:avaya:scopia_pathfinder_20_pts:-:*:*:*:*:*:*:* |
04 Nov 2022, 04:32
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary | ** UNSUPPPORTED WHEN ASSIGNED **Broken Access Control in User Authentication in Avaya Scopia Pathfinder 10 and 20 PTS version 8.3.7.0.4 allows remote unauthenticated attackers to bypass the login page, access sensitive information, and reset user passwords via URL modification. |
03 Nov 2022, 21:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-11-03 21:15
Updated : 2024-04-11 01:16
NVD link : CVE-2022-38168
Mitre link : CVE-2022-38168
CVE.ORG link : CVE-2022-38168
JSON object : View
Products Affected
avaya
- scopia_pathfinder_20_pts_firmware
- scopia_pathfinder_20_pts
- scopia_pathfinder_10_pts_firmware
- scopia_pathfinder_10_pts
CWE
CWE-306
Missing Authentication for Critical Function