CVE-2021-27402Path Traversal in Micollab

CWE-22Path Traversal3 documents3 sources
Severity
6.5MEDIUMNVD
EPSS
0.3%
top 46.30%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Mitel Micollab
Timeline
PublishedAug 13
Latest updateMay 24

Description

The SAS Admin portal of Mitel MiCollab before 9.2 FP2 could allow an unauthenticated attacker to access (view and modify) user data by injecting arbitrary directory paths due to improper URL validation, aka Directory Traversal.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:NExploitability: 3.9 | Impact: 2.5

Affected Packages1 packages

NVDmitel/micollab< 9.2+1

🔴Vulnerability Details

2
GHSA
GHSA-q747-vr2x-33cp: The SAS Admin portal of Mitel MiCollab before 92022-05-24
CVEList
CVE-2021-27402: The SAS Admin portal of Mitel MiCollab before 92021-08-13
CVE-2021-27402 — Path Traversal in Mitel Micollab | cvebase