First published: Tue Nov 12 2019
A vulnerability in the web conference chat component of MiCollab, versions 7.3 PR6 (7.3.0.601) and earlier, and 8.0 (8.0.0.40) through 8.0 SP2 FP2 (8.0.2.202), and MiVoice Business Express versions 7.3 PR3 (7.3.1.302) and earlier, and 8.0 (8.0.0.40) through 8.0 SP2 FP1 (8.0.2.202), could allow creation of unauthorized chat sessions, due to insufficient access controls. A successful exploit could allow execution of arbitrary commands.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Mitel MiCollab | >=7.3 <=7.3.0.601 | |
Mitel MiCollab | >=8.0.0.40 <=8.0.2.202 | |
Mitel MiVoice Business Express | >=7.0 <=7.3.1.302 | |
Mitel MiVoice Business Express | >=8.0.0.40 <=8.0.2.202 | |
CVE-2018-18819 is a vulnerability in the web conference chat component of MiCollab, versions 7.3 PR6 (7.3.0.601) and earlier, and 8.0 (8.0.0.40) through 8.0 SP2 FP2 (8.0.2.202), and MiVoice Business Express versions 7.3 PR3 (7.3.1.302) and earlier, and 8.0 (8.0.0.40) through 8.0 SP2 FP1 (8.0.2.202).
The severity of CVE-2018-18819 is medium with a CVSS score of 5.3.
MiCollab versions 7.3 PR6 (7.3.0.601) and earlier, 8.0 (8.0.0.40) through 8.0 SP2 FP2 (8.0.2.202), and MiVoice Business Express versions 7.3 PR3 (7.3.1.302) and earlier, 8.0 (8.0.0.40) through 8.0 SP2 FP1 (8.0.2.202) are affected by CVE-2018-18819.
An attacker could exploit this vulnerability by creating a specially crafted URL that, when clicked, executes arbitrary code or scripts on the victim's machine.
More information about CVE-2018-18819 is available in the following references: [Mitel Security Advisories](https://www.mitel.com/support/security-advisories) and [Mitel Product Security Advisory 18-0012](https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-18-0012).