CVE-2021-27402: Path Traversal
First published: Fri Aug 13 2021(Updated: )
The SAS Admin portal of Mitel MiCollab before 9.2 FP2 could allow an unauthenticated attacker to access (view and modify) user data by injecting arbitrary directory paths due to improper URL validation, aka Directory Traversal.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mitel MiCollab, MiVoice Business Express | <9.2 | |
| Mitel MiCollab, MiVoice Business Express | =9.2 | |
| Mitel MiCollab, MiVoice Business Express | =9.2-fp1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-27402?
CVE-2021-27402 is a vulnerability in the SAS Admin portal of Mitel MiCollab before 9.2 FP2 that could allow an unauthenticated attacker to access and modify user data by injecting arbitrary directory paths.
How does CVE-2021-27402 impact Mitel MiCollab?
CVE-2021-27402 allows an unauthenticated attacker to view and modify user data through the SAS Admin portal of Mitel MiCollab.
What is the severity of CVE-2021-27402?
CVE-2021-27402 has a severity rating of 6.5 (medium).
How can I fix the vulnerability CVE-2021-27402?
To fix CVE-2021-27402, it is recommended to update Mitel MiCollab to version 9.2 FP2 or later.
Where can I find more information about CVE-2021-27402?
More information about CVE-2021-27402 can be found on the Mitel Security Advisories page: https://www.mitel.com/support/security-advisories
- collector/nvd-index
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/tags
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/mitel
- canonical/mitel micollab, mivoice business express
- version/mitel micollab, mivoice business express/9.2
- version/mitel micollab, mivoice business express/9.2-fp1