CVE-2023-25597 β€” Improper Authentication in Micollab

CWE-287 β€” Improper Authentication3 documents3 sources
Severity
5.9MEDIUMNVD
EPSS
0.4%
top 40.79%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Mitel Micollab
Timeline
PublishedApr 14

Description

A vulnerability in the web conferencing component of Mitel MiCollab through 9.6.2.9 could allow an unauthenticated attacker to download a shared file via a crafted request - including the exact path and filename - due to improper authentication control. A successful exploit could allow access to sensitive information.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages1 packages

β–ΆNVDmitel/micollab< 9.7

πŸ”΄Vulnerability Details

2
CVEList
CVE-2023-25597: A vulnerability in the web conferencing component of Mitel MiCollab through 9β†—2023-04-14
β–Ά
GHSA
GHSA-9g43-4p8p-g9g5: A vulnerability in the web conferencing component of Mitel MiCollab through 9β†—2023-04-14
β–Ά
CVE-2023-25597 β€” Improper Authentication in Micollab | cvebase