Broken Access Control in User Authentication in Avaya Scopia Pathfinder 10 and 20 PTS version 8.3.7.0.4 allows remote unauthenticated attackers to bypass the login page, access sensitive information, and reset user passwords via URL modification.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:NAvaya Scopia Pathfinder 10 Pts
HWAvayawszystkie wersjeAvaya Scopia Pathfinder 10 Pts Firmware
OSAvaya8.3.7.0.4Avaya Scopia Pathfinder 20 Pts
HWAvayawszystkie wersjeAvaya Scopia Pathfinder 20 Pts Firmware
OSAvaya8.3.7.0.4
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth Bypass
Related vulnerabilities
CVE-2025-1041CRITICAL9.9PL ✓ten sam vendor
Zdalne wykonanie poleceń w Avaya Call Management System (CWE-20)
CVE-2024-4197CRITICAL9.9PL ✓ten sam vendor
Unrestricted file upload umożliwiający RCE w Avaya IP Office (One-X)
CVE-2024-4196CRITICAL10.0PL ✓ten sam vendor
RCE poprzez improper input validation w Avaya IP Office (Web Control)
CVE-2019-7003CRITICAL10.0ten sam vendor
A SQL injection vulnerability in the reporting component of Avaya Control Manager could allow an unauthenticat...
CVE-2019-7001CRITICAL9.9ten sam vendor
A SQL injection vulnerability in the WebUI component of IP Office Contact Center could allow an authenticated ...