CVE-2021-25655

Summary

A vulnerability in the system Service Menu component of Avaya Aura Experience Portal may allow URL Redirection to any untrusted site through a crafted attack. Affected versions include 7.0 through 7.2.3 (without hotfix) and 8.0.0 (without hotfix).

Affected Software

VendorProductVersion RangeStatus
AvayaAvaya Experience Portal8.0affected
AvayaAvaya Experience Portal7.2.3 < 7.0*affected

Weaknesses

  • CWE-601: CWE-601: URL Redirection to Untrusted Site ('Open Redirect')

ADP Enrichment

CVE Program Container

Additional References

References