Описание
The chat window of the Mitel BusinessCTI Enterprise (MBC-E) Client for Windows before 6.4.15 and 7.x before 7.1.2 could allow an attacker to gain access to user information by sending certain code, due to improper input validation of http links. A successful exploit could allow an attacker to view user information and application data.
Ссылки
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 6.4.15 (исключая)Версия от 7.0 (включая) до 7.1.2 (исключая)
Одно из
cpe:2.3:a:mitel:businesscti_enterprise:*:*:*:*:*:windows:*:*
cpe:2.3:a:mitel:businesscti_enterprise:*:*:*:*:*:windows:*:*
EPSS
Процентиль: 62%
0.00423
Низкий
8 High
CVSS3
6 Medium
CVSS2
Дефекты
CWE-20
Связанные уязвимости
github
больше 3 лет назад
The chat window of the Mitel BusinessCTI Enterprise (MBC-E) Client for Windows before 6.4.15 and 7.x before 7.1.2 could allow an attacker to gain access to user information by sending certain code, due to improper input validation of http links. A successful exploit could allow an attacker to view user information and application data.
EPSS
Процентиль: 62%
0.00423
Низкий
8 High
CVSS3
6 Medium
CVSS2
Дефекты
CWE-20