First published: Wed Aug 26 2020
The SAS portal of Mitel MiCollab before 9.1.3 could allow an attacker to access user data by performing a header injection in HTTP responses, due to the improper handling of input parameters. A successful exploit could allow an attacker to access user information.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Mitel MiCollab, MiVoice Business Express | <9.1.3 | |
CVE-2020-13863 is a vulnerability in Mitel MiCollab before version 9.1.3, which allows an attacker to access user data by performing a header injection in HTTP responses.
CVE-2020-13863 occurs due to the improper handling of input parameters in the SAS portal of Mitel MiCollab.
The severity of CVE-2020-13863 is high, with a CVSS score of 8.1.
An attacker can exploit CVE-2020-13863 by performing a header injection in HTTP responses to gain unauthorized access to user information.
To mitigate CVE-2020-13863, users should update Mitel MiCollab to version 9.1.3 or above.