CVE-2020-11797 — Missing Authentication for Critical Function in Micollab Audio WEB Video Conferencing

CWE-306 — Missing Authentication for Critical Function4 documents4 sources

Severity

7.5HIGHNVD

EPSS

0.5%

top 33.66%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mitel Micollab Audio WEB Video Conferencing

Timeline

PublishedAug 26

Latest updateMay 24

Description

An Authentication Bypass vulnerability in the Published Area of the web conferencing component of Mitel MiCollab AWV before 8.1.2.4 and 9.x before 9.1.3 could allow an unauthenticated attacker to gain access to unauthorized information due to insufficient access validation. A successful exploit could allow an attacker to access sensitive shared files.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

▶NVDmitel/micollab_audio_web_video_conferencing9.0 — 9.1.3+1

🔴Vulnerability Details

GHSA

GHSA-jmhg-7h5w-chvf: An Authentication Bypass vulnerability in the Published Area of the web conferencing component of Mitel MiCollab AWV before 8↗2022-05-24

▶

CVEList

CVE-2020-11797: An Authentication Bypass vulnerability in the Published Area of the web conferencing component of Mitel MiCollab AWV before 8↗2020-08-26

▶

📋Vendor Advisories

Oracle

Oracle Oracle Retail Applications Risk Matrix: Dataloader (Apache pdfbox) — CVE-2018-11797↗2020-04-15

▶