CVE-2022-41326

The web conferencing component of Mitel MiCollab through 9.6.0.13 could allow an unauthenticated attacker to upload arbitrary scripts due to improper authorization controls. A successful exploit could allow remote code execution within the context of the application.
Configurations

Configuration 1 (hide)

cpe:2.3:a:mitel:micollab:*:*:*:*:*:*:*:*

History

26 Nov 2022, 03:26

Type Values Removed Values Added
First Time Mitel micollab
Mitel
CPE cpe:2.3:a:mitel:micollab:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8
CWE CWE-863
References (MISC) https://www.mitel.com/support/security-advisories - (MISC) https://www.mitel.com/support/security-advisories - Vendor Advisory
References (MISC) https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-22-0009 - (MISC) https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-22-0009 - Mitigation, Vendor Advisory

22 Nov 2022, 13:44

Type Values Removed Values Added
New CVE

Information

Published : 2022-11-22 01:15

Updated : 2022-11-26 03:26


NVD link : CVE-2022-41326

Mitre link : CVE-2022-41326


JSON object : View

Products Affected

mitel

  • micollab
CWE
CWE-863

Incorrect Authorization