LOGIN PORTAL
Americas
Europe
Oceania
Business Phone Systems
Collaboration
Contact Center
Phones & Accessories
Apps & Developers
Your Business Need
Your Industry
Your Business Size
Our Services
Our Products
Blog
About Mitel
Careers
Customer Success
Resource Center
Location: United Kingdom
Advisory ID: 17-0010
Publish Date: 2017-09-14
Revision: 1.0
Summary
Multiple vulnerabilities have been identified and corrected in MiCollab and MiCollab AWV.
Detailed Description
Various web application defects have been corrected in MiCollab and MiCollab AWV. These vulnerabilities, if unmitigated, could lead to the compromise of user credentials, database data, and session data, and allow a malicious actor to execute arbitrary system commands.
Please refer to the security bulletins below for details on the corrected vulnerabilities.
Affected Products
Security Bulletins are being issued for the following products:
Product Name | Product Versions | Security Bulletin | Last Updated |
MiCollab | 7.3 PR2 (7.3.0.204) and earlier 7.2 (7.2.2.13) and earlier 7.1 (7.1.0.57) and earlier |
17-0010-001 17-0010-002 17-0010-003 17-0010-004 |
2017-09-14 |
MiCollab AWV | 6.3 PR1 (6.3.0.103) and earlier 6.2 (6.2.2.8) and earlier 6.1 (6.1.0.28) and earlier |
Risk Assessment
The risk associated with these vulnerabilities in the noted products is considered medium to high.
Refer to product Security Bulletins for additional statements regarding risk.
Mitigation / Recommended Action
Mitel has issued new releases of the affected software applications. Customers are advised to update their software to the latest versions.
Refer to the associated Security Bulletin for solution information.
External References
na
Related CVEs / CWEs / Advisories
CWE-20
CWE-79
CWE-93
CWE-307