Description
Broken Access Control in User Authentication in Avaya Scopia Pathfinder 10 and 20 PTS version 8.3.7.0.4 allows remote unauthenticated attackers to bypass the login page, access sensitive information, and reset user passwords via URL modification.
CVSS Metrics
- Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
- Attack Vector: network
- Complexity: low
- Privileges: none
- User Action: none
- Scope: unchanged
- Confidentiality: high
- Integrity: high
- Availability: none
- Weaknesses: CWE-306
Metadata
- Primary Vendor: AVAYA
- Published: 11/3/2022
- Last Modified: 5/2/2025
- Source: NIST NVD
- Note: Verify all details with official vendor sources before applying patches.
Affected Products
- avaya : scopia_pathfinder_10_pts_firmware
- avaya : scopia_pathfinder_20_pts_firmware