First published: Fri Aug 13 2021(Updated: )
The Software Development Kit in Mitel MiContact Center Business from 8.0.0.0 through 8.1.4.1 and 9.0.0.0 through 9.3.1.0 could allow an unauthenticated attacker to access (view and modify) user data without authorization due to improper handling of tokens.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Mitel MiContact Center Business | >=8.0.0.0<=8.1.4.1 | |
Mitel MiContact Center Business | >=9.0.0.0<=9.3.1.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2021-3352 is a vulnerability in Mitel MiContact Center Business SDK that allows an unauthenticated attacker to access and modify user data without authorization.
CVE-2021-3352 has a severity rating of 9.1 (Critical).
Mitel MiContact Center Business versions 8.0.0.0 through 8.1.4.1 and 9.0.0.0 through 9.3.1.0 are affected.
An attacker can exploit CVE-2021-3352 by improperly handling tokens to access and modify user data without authorization.
Mitel has released security advisories and it is recommended to apply the necessary updates or patches provided by Mitel to fix CVE-2021-3352.