CVE-2022-38168
Summary
| CVE | CVE-2022-38168 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-11-03 21:15:00 UTC |
| Updated | 2023-11-07 03:50:00 UTC |
| Description | ** UNSUPPORTED WHEN ASSIGNED ** Broken Access Control in User Authentication in Avaya Scopia Pathfinder 10 and 20 PTS version 8.3.7.0.4 allows remote unauthenticated attackers to bypass the login page, access sensitive information, and reset user passwords via URL modification. |
Risk And Classification
Problem Types: CWE-306
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Avaya | Scopia Pathfinder 10 Pts | - | All | All | All |
| Operating System | Avaya | Scopia Pathfinder 10 Pts Firmware | 8.3.7.0.4 | All | All | All |
| Hardware | Avaya | Scopia Pathfinder 20 Pts | - | All | All | All |
| Operating System | Avaya | Scopia Pathfinder 20 Pts Firmware | 8.3.7.0.4 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Avaya Scopia Pathfinder Broken Access Control \| by Rob_NES \| Aug, 2022 \| Medium | MISC | medium.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.