Mitel Product Security Advisory 23-0001

MiContact Center Business Local File Inclusion Vulnerability

Advisory ID: 23-0001

Publish Date: 2023-01-18

Last Updated: 2023-01-18

Revision: 1.0



A vulnerability in the ccmweb component of MiContact Center Business server, versions to, could allow an unauthenticated attacker to download arbitrary files due to insufficient restriction of URL parameters. A successful exploit could allow access to sensitive information. 

Mitel is recommending customers with affected product versions apply the available remediation.


Affected Products

Product Name Product Version Security Bulletin Last Updated
MiContact Center Business to
23-0001-001 2023-01-18


Risk Assessment

The risk for this vulnerability is rated as High. Refer to the product Security Bulletin for additional statements regarding risk.


Mitigation / Recommended Action

Customers with affected product versions are advised to update to the latest release. Mitel has also made available remediation for affected releases of MiContact Center Business. Customers are recommended to apply the remediations.
Customers are advised to review the product Security Bulletin. For additional information, contact Mitel Product Support.


Related CVEs / CWEs / Advisories



Revision History

Version Date Description
1.0 2023-01-18 Initial Version
Ready to talk to sales? Contact us.