{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-38168", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-03T10:45:52.645Z", "dateReserved": "2022-08-11T00:00:00", "datePublished": "2022-11-03T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2022-11-03T00:00:00"}, "descriptions": [{"lang": "en", "value": "Broken Access Control in User Authentication in Avaya Scopia Pathfinder 10 and 20 PTS version 8.3.7.0.4 allows remote unauthenticated attackers to bypass the login page, access sensitive information, and reset user passwords via URL modification."}], "tags": ["unsupported-when-assigned"], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://medium.com/%40rob_nes/avaya-scopia-pathfinder-broken-access-control-ac792e995bae"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T10:45:52.645Z"}, "title": "CVE Program Container", "references": [{"url": "https://medium.com/%40rob_nes/avaya-scopia-pathfinder-broken-access-control-ac792e995bae", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:avaya:scopia_pathfinder_10_pts_firmware:8.3.7.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "F9DD0F04-DF13-420D-8FC7-09B84040383E", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:avaya:scopia_pathfinder_10_pts:-:*:*:*:*:*:*:*", "matchCriteriaId": "E5E61DD5-1647-4AEB-AD76-F1E8594342C6", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:avaya:scopia_pathfinder_20_pts_firmware:8.3.7.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "26BB8EB1-22ED-4E17-9284-FF6BAE6D68D5", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:avaya:scopia_pathfinder_20_pts:-:*:*:*:*:*:*:*", "matchCriteriaId": "B81805BE-026E-4E66-B34D-EF1C0C0D5231", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [{"sourceIdentifier": "cve@mitre.org", "tags": ["unsupported-when-assigned"]}], "descriptions": [{"lang": "en", "value": "Broken Access Control in User Authentication in Avaya Scopia Pathfinder 10 and 20 PTS version 8.3.7.0.4 allows remote unauthenticated attackers to bypass the login page, access sensitive information, and reset user passwords via URL modification."}, {"lang": "es", "value": "** NO COMPATIBLE CUANDO EST\u00c1 ASIGNADO ** Un Control de Acceso Roto en la Autenticaci\u00f3n de Usuario en Avaya Scopia Pathfinder 10 y 20 PTS versi\u00f3n 8.3.7.0.4 permite a atacantes remotos no autenticados omitir la p\u00e1gina de inicio de sesi\u00f3n, acceder a informaci\u00f3n confidencial y restablecer contrase\u00f1as de usuario mediante modificaci\u00f3n de la URL."}], "id": "CVE-2022-38168", "lastModified": "2024-08-03T11:15:48.040", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-11-03T21:15:09.660", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://medium.com/%40rob_nes/avaya-scopia-pathfinder-broken-access-control-ac792e995bae"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-306"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}