CVE-2020-11797
Published 2020-08-26
Priority: P349 | high | 7.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS: 1.17% (63.4th percentile)
An Authentication Bypass vulnerability in the Published Area of the web conferencing component of Mitel MiCollab AWV before 8.1.2.4 and 9.x before 9.1.3 could allow an unauthenticated attacker to gain access to unauthorized information due to insufficient access validation. A successful exploit could allow an attacker to access sensitive shared files.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mitel | micollab_audio_web_video_conferencing | < 8.1.2.4 | 8.1.2.4 |
| mitel | micollab_audio_web_video_conferencing | >= 9.0 < 9.1.3 | 9.1.3 |
CVSS provenance
nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N
vendor_oracle | 3.1 | MEDIUM
GHSA
ghsa_unreviewed · 2022-05-24
CVE-2020-11797 [MEDIUM] CWE-306 GHSA-jmhg-7h5w-chvf: An Authentication Bypass vulnerability in the Published Area of the web conferencing component of Mitel MiCollab AWV before 8
Oracle
vendor_oracle · 2020-04-15 · CVSS 3.1
CVE-2018-11797 [MEDIUM] Oracle Oracle Retail Applications Risk Matrix: Dataloader (Apache pdfbox) — CVE-2018-11797
Oracle Oracle Retail Applications Risk Matrix: Dataloader (Apache pdfbox) vulnerability
CVE: CVE-2018-11797
CVSS: 3.1
Protocol: HTTP
Remote exploit: No
Affected versions: Network
Advisory: cpuapr2020 (APR 2020)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2020-08-26: Published