Mitel Product Security Advisory 21-0004

Mitel Product Security Advisory 21-0004

Mitel MiCollab Multiple Security Vulnerabilities

Advisory ID: 21-0004

Publish Date: 2021-03-09

Last Updated: 2021-03-09

Revision: 1.0

Summary

Following multiple vulnerabilities were privately reported to Mitel

The SAS Admin portal of Mitel MiCollab could allow an unauthenticated attacker to access user data by injecting arbitrary directory paths due to improper

URL validation, aka Directory Traversal. A successful exploit could allow an attacker to view and modify MiCollab user data.

The Join Meeting page of Mitel MiCollab Web Client could allow an attacker to access user data by executing arbitrary code due to insufficient input validation, aka Cross-Site Scripting (XSS). A successful exploit could allow an attacker to view and modify MiCollab user data.

Mitel is recommending customers with affected product versions to update to the latest release.

Affected Products

Product NameProduct VersionSecurity BulletinLast Updated
MiCollabMiCollab 9.2 FP1 and earlier 21-0004-001
21-0004-002
2021-03-09

Risk Assessment

The risks for these vulnerabilities are rated from Medium to High. Refer to the product Security Bulletins for additional statements regarding risk.

Mitigation / Recommended Action

Mitel has issued new releases of the affected software. Customers are advised to update their software to the latest versions. Customers are advised to review the product Security Bulletin. For additional information, contact Product Support.

External References

N/A

Related CVEs / CWEs / Advisories

CVE-2021-27402 CVE-2021-27401

Revision History

VersionDateDescription
1.02021-03-09Initial Version

Stay One Step Ahead Get notifications of the latest security advisories sent right to your inbox every week!