Vladimir Toutain

**Name of the Vulnerable Software and Affected Versions** MiCollab versions 7.3 PR6 (7.3.0.601) and earlier MiCollab versions 8.0 (8.0.0.40) through 8.0 SP2 FP2 (8.0.2.202) MiVoice Business Express versions 7.3 PR3 (7.3.1.302) and earlier MiVoice Business Express versions 8.0 (8.0.0.40) through 8.0 SP2 FP1 (8.0.2.202) **Description** A vulnerability in the web conference chat component could allow creation of unauthorized chat sessions due to insufficient access controls. This could allow execution of arbitrary commands. **Recommendations** For MiCollab versions 7.3 PR6 (7.3.0.601) and earlier, update to a version later than 7.3.0.601. For MiCollab versions 8.0 (8.0.0.40) through 8.0 SP2 FP2 (8.0.2.202), update to a version later than 8.0.2.202. For MiVoice Business Express versions 7.3 PR3 (7.3.1.302) and earlier, update to a version later than 7.3.1.302. For MiVoice Business Express versions 8.0 (8.0.0.40) through 8.0 SP2 FP1 (8.0.2.202), update to a version later than 8.0.2.202.