CVE-2018-18819Incorrect Authorization in Micollab

CWE-863Incorrect Authorization3 documents3 sources
Severity
5.3MEDIUMNVD
EPSS
0.3%
top 43.01%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Mitel MicollabMitel Mivoice Business Express
Timeline
PublishedNov 12
Latest updateMay 24

Description

A vulnerability in the web conference chat component of MiCollab, versions 7.3 PR6 (7.3.0.601) and earlier, and 8.0 (8.0.0.40) through 8.0 SP2 FP2 (8.0.2.202), and MiVoice Business Express versions 7.3 PR3 (7.3.1.302) and earlier, and 8.0 (8.0.0.40) through 8.0 SP2 FP1 (8.0.2.202), could allow creation of unauthorized chat sessions, due to insufficient access controls. A successful exploit could allow execution of arbitrary commands.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

NVDmitel/mivoice_business_express7.07.3.1.302+1
NVDmitel/micollab7.37.3.0.601+1

🔴Vulnerability Details

2
GHSA
GHSA-m8mf-8j96-ph83: A vulnerability in the web conference chat component of MiCollab, versions 72022-05-24
CVEList
CVE-2018-18819: A vulnerability in the web conference chat component of MiCollab, versions 72019-11-12
CVE-2018-18819 — Incorrect Authorization in Micollab | cvebase