Advisory ID: 16-0001
Publish Date: 2016-02-01
Revision: v1.0
Summary
A SQL injection vulnerability has been identified in MiCollab 7.0 which, if successfully exploited, could allow an attacker to access sensitive information in the MiCollab database.
Detailed Description
As defined by the Open Web Application Security Project (OWASP):
A SQL injection attack consists of insertion or "injection" of a SQL query via the input data from the client to the application. A successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database (such as shutdown the DBMS), recover the content of a given file present on the DBMS file system and in some cases issue commands to the operating system. SQL injection attacks are a type of injection attack, in which SQL commands are injected into data-plane input in order to effect the execution of predefined SQL commands.
Review the link provided in the External References section for more information.
Affected Products
The following products have been identified as affected:
Product Name | Product Versions | Security Bulletin | Last Updated |
MiCollab | v7.0 | 16-0001-001 | 2016-02-01 |
Risk Assessment
The risk of this vulnerability is rated as high. Refer to the product Security Bulletin for additional statements regarding risk.
Mitigation / Recommended Action
Customers are advised to review the product Security Bulletin and to contact support to determine applicability and to get instructions on how to obtain and apply a patch.
External References
https://www.owasp.org/index.php/SQL_Injection
Related CVEs
None