CVE-2020-25612Incorrect Authorization in Micollab

CWE-863Incorrect Authorization3 documents3 sources
Severity
4.9MEDIUMNVD
EPSS
0.3%
top 47.04%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Mitel Micollab
Timeline
PublishedDec 18
Latest updateMay 24

Description

The NuPoint Messenger of Mitel MiCollab before 9.2 could allow an attacker with escalated privilege to access user files due to insufficient access control. Successful exploit could potentially allow an attacker to gain access to sensitive information.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 1.2 | Impact: 3.6

Affected Packages1 packages

NVDmitel/micollab< 9.2

🔴Vulnerability Details

2
GHSA
GHSA-4mmh-fcmv-q64r: The NuPoint Messenger of Mitel MiCollab before 92022-05-24
CVEList
CVE-2020-25612: The NuPoint Messenger of Mitel MiCollab before 92020-12-18
CVE-2020-25612 — Incorrect Authorization in Micollab | cvebase