CVE-2020-13767Missing Authentication for Critical Function in Micollab

CWE-306Missing Authentication for Critical Function4 documents4 sources
Severity
5.9MEDIUMNVD
EPSS
0.3%
top 48.51%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Mitel Micollab
Timeline
PublishedAug 26
Latest updateMay 24

Description

The Mitel MiCollab application before 9.1.332 for iOS could allow an unauthorized user to access restricted files and folders due to insufficient access control. An exploit requires a rooted iOS device, and (if successful) could allow an attacker to gain access to sensitive information,

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages1 packages

NVDmitel/micollab< 9.1.332

🔴Vulnerability Details

2
GHSA
GHSA-85v9-vq8p-qg8h: The Mitel MiCollab application before 92022-05-24
CVEList
CVE-2020-13767: The Mitel MiCollab application before 92020-08-26

💬Community

1
Bugzilla
CVE-2019-13767 chromium-browser: Use after free in media picker2019-12-18
CVE-2020-13767 — Mitel Micollab vulnerability | cvebase