CVE-2022-38168
First published: Thu Nov 03 2022(Updated: )
** UNSUPPPORTED WHEN ASSIGNED **Broken Access Control in User Authentication in Avaya Scopia Pathfinder 10 and 20 PTS version 8.3.7.0.4 allows remote unauthenticated attackers to bypass the login page, access sensitive information, and reset user passwords via URL modification.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Avaya Scopia Pathfinder 10 Pts Firmware | =8.3.7.0.4 | |
| Avaya Scopia Pathfinder 10 Pts | ||
| Avaya Scopia Pathfinder 20 Pts Firmware | =8.3.7.0.4 | |
| Avaya Scopia Pathfinder 20 Pts | ||
| All of | ||
| Avaya Scopia Pathfinder 10 Pts Firmware | =8.3.7.0.4 | |
| Avaya Scopia Pathfinder 10 Pts | ||
| All of | ||
| Avaya Scopia Pathfinder 20 Pts Firmware | =8.3.7.0.4 | |
| Avaya Scopia Pathfinder 20 Pts |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability severity of CVE-2022-38168?
The vulnerability severity of CVE-2022-38168 is critical with a severity value of 9.1.
How does CVE-2022-38168 affect Avaya Scopia Pathfinder 10 PTS?
CVE-2022-38168 affects Avaya Scopia Pathfinder 10 PTS version 8.3.7.0.4, allowing remote unauthenticated attackers to bypass the login page, access sensitive information, and reset user passwords.
How does CVE-2022-38168 affect Avaya Scopia Pathfinder 20 PTS?
CVE-2022-38168 affects Avaya Scopia Pathfinder 20 PTS version 8.3.7.0.4, allowing remote unauthenticated attackers to bypass the login page, access sensitive information, and reset user passwords.
How can the vulnerability in Avaya Scopia Pathfinder be exploited?
The vulnerability in Avaya Scopia Pathfinder can be exploited by remote unauthenticated attackers through URL modification, bypassing the login page, accessing sensitive information, and resetting user passwords.
Is Avaya Scopia Pathfinder 10 PTS vulnerable to CVE-2022-38168?
Avaya Scopia Pathfinder 10 PTS is vulnerable to CVE-2022-38168, specifically in version 8.3.7.0.4.
Is Avaya Scopia Pathfinder 20 PTS vulnerable to CVE-2022-38168?
Avaya Scopia Pathfinder 20 PTS is vulnerable to CVE-2022-38168, specifically in version 8.3.7.0.4.
- collector/nvd-index
- agent/type
- agent/first-publish-date
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/status
- agent/description
- agent/event
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- collector/mitre-cve
- source/MITRE
- status/unsupported
- vendor/avaya
- canonical/avaya scopia pathfinder 10 pts firmware
- version/avaya scopia pathfinder 10 pts firmware/8.3.7.0.4
- canonical/avaya scopia pathfinder 10 pts
- canonical/avaya scopia pathfinder 20 pts firmware
- version/avaya scopia pathfinder 20 pts firmware/8.3.7.0.4
- canonical/avaya scopia pathfinder 20 pts