NVAS is an access control product used on IBM z/OS mainframes. This video demonstrates a flaw that allows the "page ID" in the top left corner to be modified to gain access to administrator menu, that can be used to escalate the privileges of the unprivileged user.
This was used to demonstrate the Big Iron Recon & Pwnage (BIRP) tool developed by @sensepost and available at github.com/sensepost/birp