Unrestricted File Upload in MiCollab AWV

Advisory ID: 16-0015
Publish Date: 2016-11-04
Revision: 1.0


The document upload feature in conferences does not validate or restrict the files that a valid user can upload.

Detailed Description

AWV provides a conference leader with an option of uploading documents to the server prior to or during a conference. This particular feature is vulnerable to attack where a malicious user could upload an executable script, which could then be used to gain access to other system files

Affected Products

The following products were identified as affected:

Product Name   Product Versions Security Bulletin  Last Updated 
MiCollab AWV AWV 6.x
AWV 5.x
16-0015-001 2016-11-04


Risk Assessment

This vulnerability has been assessed as having a CVSS v2 Base Score of 6.0, with a moderate level of risk. Refer to the Security Bulletin above for additional information.

Mitigation / Recommended Action

Administrators of affected product versions should ensure that only trusted users are granted permissions to upload files to MiCollab conferences.

External References


Related CVEs


Ready to talk to sales? Contact us.