PT-2024-22250 · Mitel · Mitel MiContact Center Business
Published: 2024-03-15 · Updated: 2025-06-02
CVE-2024-28069
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Mitel MiContact Center Business versions through 10.0.0.4
Description
A vulnerability in the legacy chat component could allow an unauthenticated attacker to conduct an information disclosure attack due to improper configuration. A successful exploit could allow an attacker to access sensitive information and potentially conduct unauthorized actions within the vulnerable component.
Recommendations
For versions through 10.0.0.4, consider reconfiguring the legacy chat component so that it is no longer improperly configured, which minimizes the risk of information disclosure attacks. As a temporary workaround, restrict access to the legacy chat component until a proper configuration or patch is available.
Fix
Insecure Storage of Sensitive Information
Weakness Enumeration
Related Identifiers
Affected Products
Mitel MiContact Center Business