CVE-2020-13863Injection in Micollab

CWE-74Injection3 documents3 sources
Severity
8.1HIGHNVD
EPSS
0.7%
top 28.23%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Mitel Micollab
Timeline
PublishedAug 26
Latest updateMay 24

Description

The SAS portal of Mitel MiCollab before 9.1.3 could allow an attacker to access user data by performing a header injection in HTTP responses, due to the improper handling of input parameters. A successful exploit could allow an attacker to access user information.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:HExploitability: 2.8 | Impact: 5.2

Affected Packages1 packages

NVDmitel/micollab< 9.1.3

🔴Vulnerability Details

2
GHSA
GHSA-7mwr-4rxf-j77g: The SAS portal of Mitel MiCollab before 92022-05-24
CVEList
CVE-2020-13863: The SAS portal of Mitel MiCollab before 92020-08-26
CVE-2020-13863 — Injection in Mitel Micollab | cvebase