Clickjacking Vulnerability in Mitel MiCollab Client Service
CVE-2021-32070

5.4MEDIUM

Key Information:

Vendor: Mitel
Status: Micollab
Vendor: CVE Published:; 13 August 2021

Summary

The MiCollab Client Service in earlier versions of Mitel MiCollab is susceptible to clickjacking attacks due to improper header response configurations. This flaw allows attackers to manipulate browser headers, potentially redirecting users to malicious sites. Organizations using affected versions should urgently apply mitigations or updates to safeguard user interactions and protect their data integrity.

References

https://www.mitel.com/support/security-advisories

x_refsource_MISC

https://www.mitel.com/support/security-advisories/mitel-p...

x_refsource_MISC

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Aug 13, 2021
Vulnerability Reserved
May 6, 2021