LOGIN PORTAL
Americas
Europe
Oceania
Business Phone Systems
Collaboration
Contact Center
Phones & Accessories
Apps & Developers
Your Business Need
Your Industry
Your Business Size
Our Services
Our Products
Blog
About Mitel
Careers
Customer Success
Resource Center
Location: United States
Advisory ID: 19-0008
First Issue Date: 2019-12-20
Last Updated: 2019-12-20
Revision: 1.0
A cross-site scripting (XSS) vulnerability in the web conferencing component of the Mitel MiCollab application for Android could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation in the file upload interface. A successful exploit could allow an attacker to execute arbitrary scripts. (CVE-2019-19370).
This vulnerability was privately reported to Mitel. Mitel is recommending customers with affected product versions, update to the latest release.
Security Bulletins are being issued for the following products:
Product Name | Product Versions | Security Bulletin | Last Updated |
Mitel MiCollab for Android | MiCollab Android Client v8.1.2.1 and earlier | 19-0008-001 | 2019-12-20 |
If you do not see your product listed above, please contact Mitel Customer Support.
The risk for these vulnerabilities is rated as Medium. Refer to the product Security Bulletins for additional statements regarding risk.
Mitel has issued new releases of the affected software. Customers are advised to update their software to the latest versions.
Customers are advised to review the product Security Bulletin. For additional information, contact Product Support.
N/A
Version | Date | Description |
1.0 | 2019-12-20 | Initial version |