CVE-2018-9102: SQL Injection
First published: Wed Apr 25 2018(Updated: )
A vulnerability in the conferencing component of Mitel MiVoice Connect, versions R1707-PREM SP1 (21.84.5535.0) and earlier, and Mitel ST 14.2, versions GA27 (19.49.5200.0) and earlier, could allow an unauthenticated attacker to conduct an SQL injection attack due to insufficient input validation for the signin interface. A successful exploit could allow an attacker to extract sensitive information from the database.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mitel MiVoice Connect | <=21.84.5535.0 | |
| Mitel ST 14.2 | <=19.49.5200.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID is CVE-2018-9102.
What is the affected software?
The affected software is Mitel MiVoice Connect versions R1707-PREM SP1 (21.84.5535.0) and earlier, and Mitel ST 14.2 versions GA27 (19.49.5200.0) and earlier.
What is the severity of CVE-2018-9102?
The severity of CVE-2018-9102 is medium, with a severity value of 6.5.
How can an attacker exploit this vulnerability?
An attacker can exploit this vulnerability by conducting an SQL injection attack due to insufficient input validation.
Is there a fix available for CVE-2018-9102?
Yes, Mitel has released a security advisory and a security bulletin with fixes for CVE-2018-9102.
- collector/nvd-index
- agent/weakness
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/author
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- vendor/mitel
- canonical/mitel mivoice connect
- version/mitel mivoice connect/21.84.5535.0
- canonical/mitel st 14.2
- version/mitel st 14.2/19.49.5200.0