Uw zakelijke behoefte
Uw branche
Organisatiegrootte
Onze diensten
Onze producten
Support voor klanten
Trainingen voor klanten
Partner support
Contact
Vragen of opmerkingen?
+32 2727 1811
Blog
Over Mitel
Case studies
Resource center
Advisory ID: 16-0015
Publish Date: 2016-11-04
Revision: 1.0
Summary
The document upload feature in conferences does not validate or restrict the files that a valid user can upload.
Detailed Description
AWV provides a conference leader with an option of uploading documents to the server prior to or during a conference. This particular feature is vulnerable to attack where a malicious user could upload an executable script, which could then be used to gain access to other system files
Affected Products
The following products were identified as affected:
| Product Name | Product Versions | Security Bulletin | Last Updated |
| MiCollab AWV | AWV 6.x AWV 5.x |
16-0015-001 | 2016-11-04 |
Risk Assessment
This vulnerability has been assessed as having a CVSS v2 Base Score of 6.0, with a moderate level of risk. Refer to the Security Bulletin above for additional information.
Mitigation / Recommended Action
Administrators of affected product versions should ensure that only trusted users are granted permissions to upload files to MiCollab conferences.
External References
https://cwe.mitre.org/data/definitions/434.html
CWE-434
