The SAS Admin portal of Mitel MiCollab before 9.2 FP2 could allow an unauthenticated attacker to access (view and modify) user data by injecting arbitrary directory paths due to improper URL validation, aka Directory Traversal.
References
Link | Resource |
---|---|
https://www.mitel.com/support/security-advisories | Vendor Advisory |
https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-21-0004 | Vendor Advisory |
History
21 Nov 2024, 05:57
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.mitel.com/support/security-advisories - Vendor Advisory | |
References | () https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-21-0004 - Vendor Advisory | |
23 Aug 2021, 18:56
Type | Values Removed | Values Added |
---|---|---|
CVSS | v2 : v3 : | v2 : 6.4 v3 : 6.5 |
References | (MISC) https://www.mitel.com/support/security-advisories - Vendor Advisory | |
References | (CONFIRM) https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-21-0004 - Vendor Advisory | |
CPE | cpe:2.3:a:mitel:micollab:9.2:fp1:*:*:*:-:*:* cpe:2.3:a:mitel:micollab:*:*:*:*:*:-:*:* cpe:2.3:a:mitel:micollab:9.2:-:*:*:*:-:*:* | |
CWE | CWE-22 |
13 Aug 2021, 16:24
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-08-13 16:15
Updated : 2024-11-21 05:57
NVD link : CVE-2021-27402
Mitre link : CVE-2021-27402
CVE.ORG link : CVE-2021-27402
Products Affected
mitel
- micollab
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')