LOGIN PORTAL
Americas
Oceania
Sélectionnez la région / le pays / la langue
Communications Unifiées
Logiciel de collaboration
Contact Center
Téléphones et accessoires
Votre besoin
Votre secteur d'activité
La taille de votre entreprise
Nos services
Nos produits
Service client
Assistance aux Partenaires
Formation
Contactez nos commerciaux
Blog
À propos de Mitel
Carriere
Cas clients
Centre de ressources
Location FR: Canada (FR)
Advisory ID: 21-0004
Publish Date: 2021-03-09
Last Updated: 2021-03-09
Revision: 1.0
Following multiple vulnerabilities were privately reported to Mitel
The SAS Admin portal of Mitel MiCollab could allow an unauthenticated attacker to access user data by injecting arbitrary directory paths due to improper
URL validation, aka Directory Traversal. A successful exploit could allow an attacker to view and modify MiCollab user data.
The Join Meeting page of Mitel MiCollab Web Client could allow an attacker to access user data by executing arbitrary code due to insufficient input validation, aka Cross-Site Scripting (XSS). A successful exploit could allow an attacker to view and modify MiCollab user data.
Mitel is recommending customers with affected product versions to update to the latest release.
Product Name | Product Version | Security Bulletin | Last Updated |
---|---|---|---|
MiCollab | MiCollab 9.2 FP1 and earlier | 21-0004-001 21-0004-002 |
2021-03-09 |
The risks for these vulnerabilities are rated from Medium to High. Refer to the product Security Bulletins for additional statements regarding risk.
Version | Date | Description |
---|---|---|
1.0 | 2021-03-09 | Initial Version |