Advisory ID: 16-0015
Publish Date: 2016-11-04
The document upload feature in conferences does not validate or restrict the files that a valid user can upload.
AWV provides a conference leader with an option of uploading documents to the server prior to or during a conference. This particular feature is vulnerable to attack where a malicious user could upload an executable script, which could then be used to gain access to other system files
The following products were identified as affected:
|Product Name||Product Versions||Security Bulletin||Last Updated|
|MiCollab AWV||AWV 6.x
This vulnerability has been assessed as having a CVSS v2 Base Score of 6.0, with a moderate level of risk. Refer to the Security Bulletin above for additional information.
Mitigation / Recommended Action
Administrators of affected product versions should ensure that only trusted users are granted permissions to upload files to MiCollab conferences.