Insufficient Access Control in Mitel MiCollab Online Help Portal
CVE-2020-27340

6.1MEDIUM

Key Information:

Vendor: Mitel
Status: Micollab
Vendor: CVE Published:; 18 December 2020

What is CVE-2020-27340?

The online help portal of Mitel MiCollab, prior to version 9.2, is susceptible to an attack that can redirect users to unauthorized websites. This occurs due to insufficient access control, allowing malicious scripts to execute and compromise user interactions. Users of older versions are recommended to upgrade to the latest version to mitigate this vulnerability and enhance security. For more information, refer to Mitel's security advisories.

References

https://www.mitel.com/support/security-advisories

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 18, 2020
Vulnerability Reserved
Oct 20, 2020