First published: Fri Dec 18 2020(Updated: )
The AWV portal of Mitel MiCollab before 9.2 could allow an attacker to gain access to conference information by sending arbitrary code due to improper input validation, aka XSS. Successful exploitation could allow an attacker to view user conference information.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Mitel MiCollab, MiVoice Business Express | <9.2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2020-25611 is medium with a CVSS score of 6.1.
CVE-2020-25611 refers to the vulnerability in the AWV portal of Mitel MiCollab before version 9.2 that allows an attacker to gain access to conference information by sending arbitrary code due to improper input validation.
An attacker can exploit CVE-2020-25611 by sending arbitrary code to the AWV portal of Mitel MiCollab before version 9.2.
Successful exploitation of CVE-2020-25611 allows an attacker to view user conference information.
To fix CVE-2020-25611, you should upgrade Mitel MiCollab to version 9.2 or later.