CVE-2020-25608Improper Input Validation in Micollab

CWE-20Improper Input ValidationCWE-89SQL Injection3 documents3 sources
Severity
7.2HIGHNVD
EPSS
0.4%
top 40.42%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Mitel Micollab
Timeline
PublishedDec 18
Latest updateMay 24

Description

The SAS portal of Mitel MiCollab before 9.2 could allow an attacker to access user credentials due to improper input validation, aka SQL Injection.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages1 packages

NVDmitel/micollab< 9.2

🔴Vulnerability Details

2
GHSA
GHSA-9jqc-6f29-2rw7: The SAS portal of Mitel MiCollab before 92022-05-24
CVEList
CVE-2020-25608: The SAS portal of Mitel MiCollab before 92020-12-18
CVE-2020-25608 — Improper Input Validation in Micollab | cvebase