Описание
Mitel MiCollab through 9.8 SP2 could allow an authenticated attacker with administrative privilege to conduct a local file read, due to insufficient input sanitization. A successful exploit could allow the authenticated admin attacker to access resources that are constrained to the admin access level, and the disclosure is limited to non-sensitive system information. This vulnerability does not allow file modification or privilege escalation.
Ссылки
- Vendor Advisory
- Vendor Advisory
- US Government Resource
Уязвимые конфигурации
EPSS
2.7 Low
CVSS3
4.4 Medium
CVSS3
Дефекты
Связанные уязвимости
Mitel MiCollab through 9.8 SP2 could allow an authenticated attacker with administrative privilege to conduct a local file read, due to insufficient input sanitization. A successful exploit could allow the authenticated admin attacker to access resources that are constrained to the admin access level, and the disclosure is limited to non-sensitive system information. This vulnerability does not allow file modification or privilege escalation.
Уязвимость платформы для совместной работы Mitel MiCollab, связанная с неверным ограничением имени пути к каталогу с ограниченным доступом, позволяющая нарушителю читать произвольные файлы
EPSS
2.7 Low
CVSS3
4.4 Medium
CVSS3