CVE-2021-27402

The SAS Admin portal of Mitel MiCollab before 9.2 FP2 could allow an unauthenticated attacker to access (view and modify) user data by injecting arbitrary directory paths due to improper URL validation, aka Directory Traversal.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:mitel:micollab:*:*:*:*:*:-:*:*
cpe:2.3:a:mitel:micollab:9.2:-:*:*:*:-:*:*
cpe:2.3:a:mitel:micollab:9.2:fp1:*:*:*:-:*:*

History

21 Nov 2024, 05:57

Type Values Removed Values Added
References () https://www.mitel.com/support/security-advisories - Vendor Advisory () https://www.mitel.com/support/security-advisories - Vendor Advisory
References () https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-21-0004 - Vendor Advisory () https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-21-0004 - Vendor Advisory

23 Aug 2021, 18:56

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : 6.4
v3 : 6.5
References (MISC) https://www.mitel.com/support/security-advisories - (MISC) https://www.mitel.com/support/security-advisories - Vendor Advisory
References (CONFIRM) https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-21-0004 - (CONFIRM) https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-21-0004 - Vendor Advisory
CPE cpe:2.3:a:mitel:micollab:9.2:fp1:*:*:*:-:*:*
cpe:2.3:a:mitel:micollab:*:*:*:*:*:-:*:*
cpe:2.3:a:mitel:micollab:9.2:-:*:*:*:-:*:*
CWE CWE-22

13 Aug 2021, 16:24

Type Values Removed Values Added
New CVE

Information

Published : 2021-08-13 16:15

Updated : 2024-11-21 05:57


NVD link : CVE-2021-27402

Mitre link : CVE-2021-27402

CVE.ORG link : CVE-2021-27402


JSON object : View

Products Affected

mitel

  • micollab
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')