Описание
The ccmweb component of Mitel MiContact Center Business server 9.2.2.0 through 9.4.1.0 could allow an unauthenticated attacker to download arbitrary files, due to insufficient restriction of URL parameters. A successful exploit could allow access to sensitive information.
Ссылки
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 9.2.2.0 (включая) до 9.4.2.0 (исключая)
cpe:2.3:a:mitel:micontact_center_business:*:*:*:*:*:*:*:*
EPSS
Процентиль: 66%
0.00524
Низкий
7.5 High
CVSS3
9.1 Critical
CVSS3
Дефекты
NVD-CWE-noinfo
CWE-839
Связанные уязвимости
CVSS3: 7.5
github
почти 3 года назад
The ccmweb component of Mitel MiContact Center Business server 9.2.2.0 through 9.4.1.0 could allow an unauthenticated attacker to download arbitrary files, due to insufficient restriction of URL parameters. A successful exploit could allow access to sensitive information.
EPSS
Процентиль: 66%
0.00524
Низкий
7.5 High
CVSS3
9.1 Critical
CVSS3
Дефекты
NVD-CWE-noinfo
CWE-839