CVE-2021-25649

An information disclosure vulnerability was discovered in the directory and file management of Avaya Aura Utility Services. This vulnerability may potentially allow any local user to access system functionality and configuration information that should only be available to a privileged user. Affects all 7.x versions of Avaya Aura Utility Services

Published: Jun 24, 2021
Updated: Nov 8, 2023
CVE: CVE-2021-25649
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.5
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSS v2:

Severity: Low
Score: 2.1
AV:L/AC:L/Au:N/C:P/I:N/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
avaya / aura_utility_services	7.0	7.1.3.x

https://support.avaya.com/css/P8/documents/101072728

Vulnerability Database

289,697

CVE-2021-25649