PT-2021-17441 · Mitel · Mitel Micollab

Published: 2021-08-13 · Updated: 2021-08-23 · CVE-2021-27402

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Mitel MiCollab versions prior to 9.2 FP2
Description: Improper URL validation allows an unauthenticated attacker to inject arbitrary directory paths (directory traversal) and, without authenticating, view and modify user data.
Recommendations: For versions prior to 9.2 FP2, update to version 9.2 FP2 or later to resolve the issue. As a temporary workaround, consider restricting access to the SAS Admin portal to minimize the risk of exploitation.

Fix

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2021-27402

Affected Products

Mitel Micollab