Products

Contact Center

Collaboration

Business Phone Systems

Phones & Accessories

Mitel Icon

800-722-1301

Contact Us  |  Find a Partner

Solutions

Business Need

Industry

Business Size

Services

Our Products

Support

Customer Support

Customer Training

Partner Support

Contact Sales

800-722-1301

Contact Us  |  Find a Partner

Learn

Blog

About

Careers

Case Studies

Resource Center

Search

Blog

Location: Canada (EN)

Select your Language
Americas
Europe
Oceania

Mitel Product Security Advisory 20-0008

Mitel MiCollab Multiple Security Vulnerabilities

Advisory ID: 20-0008

Publish Date: 2020-06-25

Last Updated: 2020-06-25

Revision: 1.0

 

Summary

The SAS portal of Mitel MiCollab could allow an attacker to access user data by performing a header injection in HTTP responses due to the improper handling of input parameters. A successful exploit could allow an attacker to access user information

The Mitel MiCollab iOS application could allow an unauthorized user to access restricted files and folders due to insufficient access control. An exploit requires a rooted iOS device, and (if successful) could allow an attacker to gain access to sensitive information

These vulnerabilities were privately reported.

Mitel is recommending customers with affected product versions, update to the latest release.

 

Affected Products

Security Bulletins are being issued for the following products:

 

Risk Assessment

The risk for this vulnerability is rated as Medium. Refer to the product Security Bulletins for additional statements regarding risk.

 

Mitigation / Recommended Action

Mitel has issued new releases of the affected software. Customers are advised to update their software to the latest versions.

Customers are advised to review the product Security Bulletin. For additional information, contact Product Support.

 

External References

N/A

 

Related CVEs / CWEs / Advisories

CVE-2020-13863 CVE-2020-13767

 

Revision History

Ready to talk to sales? Contact us.
Find a Partner (844) 319-5912 Email Us