PT-2019-9640 · Mitel · Mivoice Business Express+1
Vladimir Toutain
·
Publicado
2019-11-12
·
Atualizado
2019-11-14
·
CVE-2018-18819
CVSS v3.1
5.3
Média
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
MiCollab versions 7.3 PR6 (7.3.0.601) and earlier
MiCollab versions 8.0 (8.0.0.40) through 8.0 SP2 FP2 (8.0.2.202)
MiVoice Business Express versions 7.3 PR3 (7.3.1.302) and earlier
MiVoice Business Express versions 8.0 (8.0.0.40) through 8.0 SP2 FP1 (8.0.2.202)
Description
A vulnerability in the web conference chat component could allow creation of unauthorized chat sessions due to insufficient access controls. This could allow execution of arbitrary commands.
Recommendations
For MiCollab versions 7.3 PR6 (7.3.0.601) and earlier, update to a version later than 7.3.0.601.
For MiCollab versions 8.0 (8.0.0.40) through 8.0 SP2 FP2 (8.0.2.202), update to a version later than 8.0.2.202.
For MiVoice Business Express versions 7.3 PR3 (7.3.1.302) and earlier, update to a version later than 7.3.1.302.
For MiVoice Business Express versions 8.0 (8.0.0.40) through 8.0 SP2 FP1 (8.0.2.202), update to a version later than 8.0.2.202.
Correção
Incorrect Authorization
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Micollab
Mivoice Business Express