CVE-2022-41326: Missing Authorization in MiCollab

Severity: 9.8 CRITICAL (NVD)
EPSS: 2.7% (top 14.11%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Nov 22

Description

The web conferencing component of Mitel MiCollab through 9.6.0.13 could allow an unauthenticated attacker to upload arbitrary scripts due to improper authorization controls. A successful exploit could allow remote code execution within the context of the application.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (1 package)

NVD: mitel/micollab 9.6.0.105

Vulnerability Details (2)

GHSA (2022-11-22): GHSA-43jv-mfhv-x3hx: The web conferencing component of Mitel MiCollab through 9
CVEList (2022-11-22): CVE-2022-41326: The web conferencing component of Mitel MiCollab through 9
CVE-2022-41326 — Missing Authorization in Micollab | cvebase