PT-2019-9640 · Mitel · MiVoice Business Express, MiCollab
Vladimir Toutain · Published 2019-11-12 · Updated 2019-11-14 · CVE-2018-18819
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions
MiCollab versions 7.3 PR6 (7.3.0.601) and earlier
MiCollab versions 8.0 (8.0.0.40) through 8.0 SP2 FP2 (8.0.2.202)
MiVoice Business Express versions 7.3 PR3 (7.3.1.302) and earlier
MiVoice Business Express versions 8.0 (8.0.0.40) through 8.0 SP2 FP1 (8.0.2.202)
Description
A vulnerability in the web conference chat component could allow creation of unauthorized chat sessions due to insufficient access controls. This could allow execution of arbitrary commands.
Recommendations
For MiCollab versions 7.3 PR6 (7.3.0.601) and earlier, update to a version later than 7.3.0.601.
For MiCollab versions 8.0 (8.0.0.40) through 8.0 SP2 FP2 (8.0.2.202), update to a version later than 8.0.2.202.
For MiVoice Business Express versions 7.3 PR3 (7.3.1.302) and earlier, update to a version later than 7.3.1.302.
For MiVoice Business Express versions 8.0 (8.0.0.40) through 8.0 SP2 FP1 (8.0.2.202), update to a version later than 8.0.2.202.
Fix
Incorrect Authorization
Weakness Enumeration
Related Identifiers
Affected Products
MiCollab
MiVoice Business Express