First published: Mon Mar 29 2021(Updated: )
The Enterprise License Manager portal in Mitel MiContact Center Enterprise before 9.4 could allow a user to access restricted files and folders due to insufficient access control. A successful exploit could allow an attacker to view and modify application data via Directory Traversal.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Mitel MiContact Center Enterprise | <9.4 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2021-26714 is a vulnerability in the Enterprise License Manager portal in Mitel MiContact Center Enterprise before 9.4.
CVE-2021-26714 has a severity rating of 9.8 (critical).
CVE-2021-26714 allows a user to access restricted files and folders in the Enterprise License Manager portal, leading to potential unauthorized viewing and modification of application data.
CVE-2021-26714 can be exploited through Directory Traversal.
Yes, updating Mitel MiContact Center Enterprise to version 9.4 or higher will fix CVE-2021-26714. It is recommended to apply the necessary patches as soon as possible.