Mitel Product Security Advisory 19-0008

Mitel MiCollab for Android – Cross-Site-Scripting (XSS)

Advisory ID: 19-0008

First Issue Date: 2019-12-20

Last Updated: 2019-12-20

Revision: 1.0

Summary

A cross-site scripting (XSS) vulnerability in the web conferencing component of the Mitel MiCollab application for Android could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation in the file upload interface. A successful exploit could allow an attacker to execute arbitrary scripts. (CVE-2019-19370).

This vulnerability was privately reported to Mitel. Mitel is recommending customers with affected product versions, update to the latest release.

Affected Products

Security Bulletins are being issued for the following products:

Product Name	Product Versions	Security Bulletin	Last Updated
Mitel MiCollab for Android	MiCollab Android Client v8.1.2.1 and earlier	19-0008-001	2019-12-20

If you do not see your product listed above, please contact Mitel Customer Support.

Risk Assessment

The risk for these vulnerabilities is rated as Medium. Refer to the product Security Bulletins for additional statements regarding risk.

Mitigation / Recommended Action

Mitel has issued new releases of the affected software. Customers are advised to update their software to the latest versions.

Customers are advised to review the product Security Bulletin. For additional information, contact Product Support.

External References

N/A

Related CVEs / CWEs / Advisories

CVE-2019-19370

Revision History

Version	Date	Description
1.0	2019-12-20	Initial version

First Name

Last Name

Email Address

Relationship to Mitel

By providing the above information, you agree that we may process your personal data in accordance with our Privacy Policy.

Do you agree to the terms and conditions of using our services?

Search

Select your Region/Country/Language

Americas

Europe

Oceania