Advisory ID: 18-0005
Publish Date: 2018-03-06
Revision: 1.0
Summary
A blind Cross-site Scripting (XSS) vulnerability has been identified in the Mitel for Salesforce softphone component used with Connect ONSITE and ST 14.2. To successfully exploit this vulnerability, an attacker must enter malicious code into the database. When the Mitel for Salesforce softphone component renders data in the browser, the vulnerability could allow an injected malicious script to execute in the context of the integration, allowing disclosure and modification of data and impacting the availability of the component for the impacted user.
This vulnerability was privately reported to Mitel. Mitel is not aware of customers that have been impacted by this vulnerability.
Mitel has made available an updated release to address this vulnerability.
Credit is given to Ben Sadeghipour - NahamSec.com for the discovery.
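As an added illustration (not Mitel's code and not part of the advisory), the sketch below shows the general pattern behind a stored, blind XSS of the kind the summary describes: a value written to the database is later concatenated into markup by a rendering component, and encoding at render time neutralizes it. The record shape, field names and function names are hypothetical, and the sample values are constructed.

```javascript
// Added example; hypothetical names and data, not the product's code.
// Constructed sample: a record whose name field was written to the
// database by an untrusted party and is later rendered by a softphone panel.
const storedRecord = {
  name: '<script>alert(1)</script>', // constructed test value
  phone: '800-555-0100',             // constructed
};

// Unsafe pattern: database fields concatenated straight into markup,
// so whatever was stored is interpreted by the browser as HTML.
function renderUnsafe(rec) {
  return '<div class="caller">' + rec.name + ' (' + rec.phone + ')</div>';
}

// Encode the five characters that are significant in HTML text and
// in quoted attribute values.
const HTML_ENTITIES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Hardened pattern: every stored field is encoded at render time,
// regardless of how it got into the database.
function renderSafe(rec) {
  return '<div class="caller">' + escapeHtml(rec.name) +
         ' (' + escapeHtml(rec.phone) + ')</div>';
}

// Triage helper: list fields that contain markup characters so existing
// rows can be reviewed after the fixed release is deployed.
function findSuspectFields(rec) {
  return Object.keys(rec).filter((key) => /[<>]/.test(String(rec[key])));
}
```

Because the script runs where the data is rendered rather than where it was entered, reviewing already-stored rows (as `findSuspectFields` does for one record) complements the software update.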
Affected Products
A Security Bulletin is being issued for the following product:
Product Name | Product Versions | Security Bulletin | Last Updated |
Mitel for Salesforce | 5.3.0.21 and earlier | 18-0005-001 | 2018-03-06 |
Risk Assessment
The risk of this vulnerability is rated as high. Refer to the product Security Bulletin for additional statements regarding risk.
Mitigation / Recommended Action
Mitel has made available an updated release to address this vulnerability. In most cases, this update will be automatically deployed to users. Customers who are concerned should review the Security Bulletin for steps to verify and, if required, update their Mitel for Salesforce software.
Customers are advised to review the product Security Bulletin. For additional information, contact your partner or Mitel customer support at: https://oneview.mitel.com/s/support.
External References
n/a
Related CVEs / CWEs / Advisories
n/a
Revision History
Version | Date | Description |
1.0 | 2018-03-06 | Initial version |