CVE-2021-32072Improper Encoding or Escaping of Output in Micollab

CWE-116Improper Encoding or Escaping of Output3 documents3 sources
Severity
6.5MEDIUMNVD
EPSS
0.3%
top 50.92%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Mitel Micollab
Timeline
PublishedAug 13
Latest updateMay 24

Description

The MiCollab Client Service component in Mitel MiCollab before 9.3 could allow an attacker to get source code information (disclosing sensitive application data) due to insufficient output sanitization. A successful exploit could allow an attacker to view source code methods.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages1 packages

NVDmitel/micollab< 9.3

🔴Vulnerability Details

2
GHSA
GHSA-wvgw-m336-mf9v: The MiCollab Client Service component in Mitel MiCollab before 92022-05-24
CVEList
CVE-2021-32072: The MiCollab Client Service component in Mitel MiCollab before 92021-08-13
CVE-2021-32072 — Mitel Micollab vulnerability | cvebase