CVE-2024-47912Missing Authentication for Critical Function in Micollab

CWE-306Missing Authentication for Critical Function3 documents3 sources
Severity
8.2HIGHNVD
EPSS
0.7%
top 27.06%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Mitel Micollab
Timeline
PublishedOct 21

Description

A vulnerability in the AWV (Audio, Web, and Video) Conferencing component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to perform unauthorized data-access attacks due to missing authentication mechanisms. A successful exploit could allow an attacker to access and delete sensitive information.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:NExploitability: 3.9 | Impact: 4.2

Affected Packages1 packages

NVDmitel/micollab9.8.1.201

🔴Vulnerability Details

2
GHSA
GHSA-62xf-29xj-84wm: A vulnerability in the AWV (Audio, Web, and Video) Conferencing component of Mitel MiCollab through 92024-10-21
CVEList
CVE-2024-47912: A vulnerability in the AWV (Audio, Web, and Video) Conferencing component of Mitel MiCollab through 92024-10-21
CVE-2024-47912 — Mitel Micollab vulnerability | cvebase