CVE-2020-11797

Опубликовано: 26 авг. 2020

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

An Authentication Bypass vulnerability in the Published Area of the web conferencing component of Mitel MiCollab AWV before 8.1.2.4 and 9.x before 9.1.3 could allow an unauthenticated attacker to gain access to unauthorized information due to insufficient access validation. A successful exploit could allow an attacker to access sensitive shared files.

Ссылки

https://www.mitel.com/support/security-advisories
Vendor Advisory
https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-20-0005
Vendor Advisory
https://www.mitel.com/support/security-advisories
Vendor Advisory
https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-20-0005
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:mitel:micollab_audio\,_web_\&_video_conferencing:*:*:*:*:*:*:*:*

Версия до 8.1.2.4 (исключая)

cpe:2.3:a:mitel:micollab_audio\,_web_\&_video_conferencing:*:*:*:*:*:*:*:*

Версия от 9.0 (включая) до 9.1.3 (исключая)

EPSS

Процентиль: 66%

0.00508

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-jmhg-7h5w-chvf

github

больше 3 лет назад