CVE-2020-11798: Path Traversal
First published: Wed Jun 10 2020(Updated: )
A Directory Traversal vulnerability in the web conference component of Mitel MiCollab AWV before 8.1.2.4 and 9.x before 9.1.3 could allow an attacker to access arbitrary files from restricted directories of the server via a crafted URL, due to insufficient access validation. A successful exploit could allow an attacker to access sensitive information from the restricted directories.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mitel MiCollab Audio, Web & Video Conferencing | <8.1.2.4 | |
| Mitel MiCollab Audio, Web & Video Conferencing | >=9.0<9.1.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2020-11798?
CVE-2020-11798 is categorized as a high severity vulnerability due to the potential for unauthorized file access.
How do I fix CVE-2020-11798?
To fix CVE-2020-11798, upgrade the Mitel MiCollab AWV software to versions 8.1.2.4 or later, or to version 9.1.3 or later.
What types of attacks are possible with CVE-2020-11798?
An attacker can exploit CVE-2020-11798 to perform directory traversal attacks, allowing access to restricted files on the server.
Which versions of Mitel MiCollab are affected by CVE-2020-11798?
CVE-2020-11798 affects Mitel MiCollab AWV versions before 8.1.2.4 and 9.x before 9.1.3.
What components are impacted by CVE-2020-11798?
CVE-2020-11798 impacts the web conference component of Mitel MiCollab.
- agent/description
- agent/weakness
- agent/references
- agent/severity
- agent/author
- agent/type
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/mitel
- canonical/mitel micollab audio, web & video conferencing
- version/mitel micollab audio, web & video conferencing/9.0