Americas
Europe
Oceania
+41 32 655 33 33
+41 32 655 33 33
Contact Center
Zusammenarbeit
Kommunikationssysteme
Telefone und Zubehör
Fragen oder Kommentare?
+41 32 655 33 33
Ihr Geschäftsbedarf
Ihre Branche
Ihre Unternehmensgröße
Unsere Services
Unsere Produkte
Kundensupport
Partner Support
Schulung
Kontakt Verkauf
Blog
Über Mitel
Karriere
Kundenreferenzen
Informationscenter
Standort: Schweiz (DE)
Advisory ID: 19-0003
Publish Date: 2019-03-29
Last Updated: 2019-03-29
Revision: 1.0
Summary
SQL injection vulnerabilities have been identified Mitel CMG Suite. If successfully exploited by crafted URl parameters, these vulnerabilities could lead to exposure and modification of sensitive information in the database.
This vulnerability was privately reported to Mitel. At time of publishing, Mitel is not aware of customers that have been impacted by this vulnerability.
Mitel is recommending customers with affected product versions update to the latest release.
Credit is given to Daniel Wong of 2Secure for highlighting these issues and bringing these to our attention.
The following products have been identified as affected:
Product Name | Product Versions | Security Bulletin | Last Updated |
Mitel CMG Suite | 8.4 SP2 and earlier | 19-0003-001 |
2019-03-29 |
Risk Assessment
The risk of this vulnerability is rated as High.
Refer to the Product Security Bulletin(s) for additional statements regarding risk..
Mitigation / Recommended Action
Mitel has issued new releases of the affected software. Customers are advised to update their software to the latest versions.
Customers are advised to review the product Security Bulletin. For additional information, contact Product Support.
External References
N/A
Related CVEs / Advisories
CVE-2018-18285
CVE-2018-18286