Mitel for Salesforce XSS Vulnerability

Advisory ID: 18-0005
Publish Date: 2018-03-06
Revision: 1.0

Summary

A blind Cross-site Scripting (XSS) vulnerability has been identified in Mitel for Salesforce softphone component used with Connect ONSITE and ST 14.2. To successfully exploit this vulnerability, an attacker must enter malicious code into the database. When the Mitel for Salesforce softphone component renders data in the browser, the vulnerability could allow an injected malicious script to execute in the context of the integration allowing disclosure and modification of data, and impacting the availability of the component for the impacted user.

This vulnerability was privately reported to Mitel. Mitel is not aware of customers that have been impacted by this vulnerability.

Mitel has made available an updated release to address this vulnerability.

Credit is given to Ben Sadeghipour - NahamSec.com for the discovery.

Affected Products

A Security Bulletin is being issued for the following product:

Product Name  Product Versions  Security Bulletin  Last Updated 
Mitel for Salesforce 5.3.0.21 and earlier 18-0005-001   2018-03-06 

Risk Assessment

The risk of this vulnerability is rated as high. Refer to the product Security Bulletin for additional statements regarding risk.

Mitigation / Recommended Action

Mitel has made available an updated release to address this vulnerability. In most cases, this update will be automatically deployed to users. Customers who are concerned should review the Security Bulletin for steps to verify and if required update their Mitel for SalesForce software.

Customers are advised to review the product Security Bulletin. For additional information, contact your partner or Mitel customer support at: https://oneview.mitel.com/s/support.

External References
n/a

Related CVEs / CWEs / Advisories
n/a

Revision History

Version  Date  Description 
 1.0 2018-03-06 Initial version

 

Attachment(s)

Security Bulletin 18 0005 001

 


Prêt à parler aux ventes ? Contactez-nous.