PT-2020-10272 · Atos · Atos Unify OpenScape UC Web Client

Published 2020-02-21 · Updated 2022-04-18 · CVE-2019-19866

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions

Atos Unify OpenScape UC Web Client V9 before version V9 R4.31.0
Atos Unify OpenScape UC Web Client V10 before version V10 R0.6.0

Description

The issue allows remote attackers to obtain sensitive information by iterating the value of the conferenceId parameter passed to getMailFunction in the JSON API. Because the endpoint returns the record for any conferenceId without checking that the caller is entitled to it, this enables the enumeration of all conferences scheduled on the platform, including their dial-in numbers and access PINs.

Recommendations

For Atos Unify OpenScape UC Web Client V9 before version V9 R4.31.0, update to version V9 R4.31.0 or later. For Atos Unify OpenScape UC Web Client V10 before version V10 R0.6.0, update to version V10 R0.6.0 or later.
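The weakness class behind this advisory is an insecure direct object reference: a lookup keyed by a client-supplied conferenceId with no object-level authorization. The example below is added here to illustrate that pattern and its fix; it is not Atos Unify code and does not reflect the real getMailFunction implementation. Only the names getMailFunction and conferenceId come from the advisory; the Conference data model, the caller identity, the NotFound error and the shape of the returned JSON are assumptions, and the sample store is constructed for the example. The visible_pins helper is an authorization test that requests every id in a range for a given caller, which is how a defender verifies that a fix actually closes the leak.

```python
# Added illustration of the IDOR class behind CVE-2019-19866, written for
# this page. It is not Atos Unify code: getMailFunction and conferenceId
# come from the advisory; the data model, caller identity, error type and
# reply shape are assumptions.
from dataclasses import dataclass


@dataclass(frozen=True)
class Conference:
    conference_id: int
    owner: str                 # user who scheduled the conference
    participants: frozenset    # users invited to it
    dial_in_number: str
    access_pin: str


class NotFound(Exception):
    """Raised for unknown ids and, in the fixed handler, for ids the caller may not view."""


# Constructed sample store with sequential ids (the property that makes iteration cheap).
STORE = {
    1001: Conference(1001, "alice", frozenset({"bob"}), "+1-555-0100", "481516"),
    1002: Conference(1002, "carol", frozenset({"dave"}), "+1-555-0101", "234200"),
    1003: Conference(1003, "erin", frozenset(), "+1-555-0102", "990011"),
}


def _render(conf: Conference) -> dict:
    # Reply shape is assumed; the advisory only states that number and PIN are exposed.
    return {"conferenceId": conf.conference_id,
            "number": conf.dial_in_number,
            "pin": conf.access_pin}


def get_mail_function_vulnerable(store: dict, conference_id: int) -> dict:
    """Vulnerable pattern: the id is looked up and returned with no check that
    the caller is entitled to that object, so every id in the space is readable."""
    conf = store.get(conference_id)
    if conf is None:
        raise NotFound(conference_id)
    return _render(conf)


def _may_view(conf: Conference, caller: str) -> bool:
    return caller == conf.owner or caller in conf.participants


def get_mail_function_fixed(store: dict, conference_id: int, caller) -> dict:
    """Fixed pattern: object-level authorization. The caller identity must come
    from the authenticated session, never from the request body. Unauthorized
    ids get the same NotFound as nonexistent ones, so the reply does not
    confirm which ids exist."""
    if caller is None:
        raise NotFound(conference_id)
    conf = store.get(conference_id)
    if conf is None or not _may_view(conf, caller):
        raise NotFound(conference_id)
    return _render(conf)


def visible_pins(handler, ids, **kwargs) -> dict:
    """Authorization test: which PINs does this caller see if every id in
    `ids` is requested? Used to confirm the fix limits the view to the
    caller's own conferences."""
    seen = {}
    for cid in ids:
        try:
            seen[cid] = handler(STORE, cid, **kwargs)["pin"]
        except NotFound:
            pass
    return seen


if __name__ == "__main__":
    ids = range(1000, 1010)
    print("vulnerable:", visible_pins(get_mail_function_vulnerable, ids))
    print("fixed, bob: ", visible_pins(get_mail_function_fixed, ids, caller="bob"))
    print("fixed, anon:", visible_pins(get_mail_function_fixed, ids, caller=None))
```

Two design points carry over to any real fix of this class: the authorization decision is made per object, against the identity the server already established, and a denied lookup is indistinguishable from a missing one. Replacing sequential conference ids with unguessable ones is a useful defence in depth but is not a substitute for the check, since an id that leaks through an invitation e-mail or calendar entry would otherwise still be readable by anyone holding it.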

Fix

IDOR


Weakness Enumeration

Related Identifiers

CVE-2019-19866

Affected Products

Atos Unify OpenScape UC Web Client