Multiple Vulnerabilities in MiCollab and MiCollab AWV

Advisory ID: 17-0010
Publish Date: 2017-09-14
Revision: 1.0

Summary

Multiple vulnerabilities have been identified and corrected in MiCollab and MiCollab AWV.

Detailed Description

Various web application defects have been corrected in MiCollab and MiCollab AWV. These vulnerabilities, if unmitigated, could lead to the compromise of user credentials, database data, and session data, and allow a malicious actor to execute arbitrary system commands.

Please refer to the security bulletins below for details on the corrected vulnerabilities.

Affected Products

Security Bulletins are being issued for the following products:

Product Name Product Versions Security Bulletin Last Updated 
 MiCollab 7.3 PR2 (7.3.0.204) and earlier
7.2 (7.2.2.13) and earlier
7.1 (7.1.0.57) and earlier  		 17-0010-001
17-0010-002
17-0010-003
17-0010-004
 2017-09-14
MiCollab AWV 6.3 PR1 (6.3.0.103) and earlier
6.2 (6.2.2.8) and earlier
6.1 (6.1.0.28) and earlier 		 

 

Risk Assessment

The risk associated with these vulnerabilities in the noted products is considered medium to high.

Refer to product Security Bulletins for additional statements regarding risk.

Mitigation / Recommended Action

Mitel has issued new releases of the affected software applications. Customers are advised to update their software to the latest versions.

Refer to the associated Security Bulletin for solution information.

External References
na

Related CVEs / CWEs / Advisories

CWE-20
CWE-79
CWE-93
CWE-307

Neem contact op met Mitel
Vind een partner +32 2727 1811 Contact