exploitDog

CVE-2022-41326

Опубликовано: 22 нояб. 2022

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

The web conferencing component of Mitel MiCollab through 9.6.0.13 could allow an unauthenticated attacker to upload arbitrary scripts due to improper authorization controls. A successful exploit could allow remote code execution within the context of the application.

Ссылки

https://www.mitel.com/support/security-advisories
Vendor Advisory
https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-22-0009
Mitigation
Vendor Advisory
https://www.mitel.com/support/security-advisories
Vendor Advisory
https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-22-0009
Mitigation
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:mitel:micollab:*:*:*:*:*:*:*:*

Версия до 9.6.0.105 (включая)

EPSS

Процентиль: 86%

0.02697

Низкий

9.8 Critical

CVSS3

Дефекты

NVD-CWE-Other

CWE-862

Связанные уязвимости

GHSA-43jv-mfhv-x3hx

CVSS3: 9.8

github

около 3 лет назад

The web conferencing component of Mitel MiCollab through 9.6.0.13 could allow an unauthenticated attacker to upload arbitrary scripts due to improper authorization controls. A successful exploit could allow remote code execution within the context of the application.

EPSS

Процентиль: 86%

0.02697

Низкий

9.8 Critical

CVSS3

Дефекты

NVD-CWE-Other

CWE-862