Overview
- Description
- The SAS Admin portal of Mitel MiCollab before 9.2 FP2 could allow an unauthenticated attacker to access (view and modify) user data by injecting arbitrary directory paths due to improper URL validation, aka Directory Traversal.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 6.5
- Impact score
- 2.5
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 6.4
- Impact score
- 4.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:N
Weaknesses
- nvd@nist.gov
- CWE-22
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mitel:micollab:*:*:*:*:*:-:*:*",
"vulnerable": true,
"matchCriteriaId": "200AECAB-6B5A-4881-852F-F9ABFB241E3C",
"versionEndExcluding": "9.2"
},
{
"criteria": "cpe:2.3:a:mitel:micollab:9.2:-:*:*:*:-:*:*",
"vulnerable": true,
"matchCriteriaId": "7F557ADB-202D-4A6C-869E-38629240CC9F"
},
{
"criteria": "cpe:2.3:a:mitel:micollab:9.2:fp1:*:*:*:-:*:*",
"vulnerable": true,
"matchCriteriaId": "61A8FD1A-8F20-47CE-80E1-5E59B70507A8"
}
],
"operator": "OR"
}
]
}
]