Insufficient Access Controls in MiCollab and MiVoice Business Express Web Conference Chat
CVE-2018-18819

5.3MEDIUM

Key Information:

Vendor: Mitel
Status: Mivoice Business Express; Micollab
Vendor: CVE Published:; 12 November 2019

Summary

A vulnerability exists in the MiCollab and MiVoice Business Express web conference chat components, enabling the creation of unauthorized chat sessions. This issue arises from insufficient access control mechanisms, which could allow unauthorized users to exploit the system and execute arbitrary commands. Users and administrators should ensure they are running the latest versions and apply the necessary patches to secure their systems against potential unauthorized access.

References

https://www.mitel.com/support/security-advisories

x_refsource_MISC

https://www.mitel.com/support/security-advisories/mitel-p...

x_refsource_CONFIRM

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 12, 2019
Vulnerability Reserved
Oct 29, 2018