CVE-2021-32070
First published: Fri Aug 13 2021(Updated: )
The MiCollab Client Service component in Mitel MiCollab before 9.3 could allow an attacker to perform a clickjacking attack due to an insecure header response. A successful exploit could allow an attacker to modify the browser header and redirect users.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mitel MiCollab, MiVoice Business Express | <9.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-32070?
CVE-2021-32070 is a vulnerability in the MiCollab Client Service component in Mitel MiCollab before 9.3 that could allow an attacker to perform a clickjacking attack.
What is the severity of CVE-2021-32070?
The severity of CVE-2021-32070 is medium with a CVSS score of 5.4.
How does CVE-2021-32070 work?
CVE-2021-32070 works by exploiting an insecure header response in the MiCollab Client Service component, allowing an attacker to modify the browser header and redirect users.
Which versions of Mitel MiCollab are affected by CVE-2021-32070?
Mitel MiCollab versions up to, but excluding, version 9.3 are affected by CVE-2021-32070.
How can CVE-2021-32070 be fixed?
To fix CVE-2021-32070, users should update to Mitel MiCollab version 9.3 or later.
- collector/nvd-index
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/type
- agent/description
- agent/event
- agent/softwarecombine
- agent/last-modified-date
- agent/tags
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/mitel
- canonical/mitel micollab, mivoice business express