Vulnerability Database

289,784

Total vulnerabilities in the database

CVE-2021-27402

The SAS Admin portal of Mitel MiCollab before 9.2 FP2 could allow an unauthenticated attacker to access (view and modify) user data by injecting arbitrary directory paths due to improper URL validation, aka Directory Traversal.

  • Published: Aug 13, 2021
  • Updated: Apr 14, 2023
  • CVE: CVE-2021-27402
  • Severity: Medium
  • Exploit:

CVSS v3:

  • Severity: Medium
  • Score: 6.5
  • AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CVSS v2:

  • Severity: Medium
  • Score: 6.4
  • AV:N/AC:L/Au:N/C:P/I:P/A:N

CWEs:

OWASP TOP 10:

Software From Fixed in
mitel / micollab - 9.2
mitel / micollab 9.2-fp1 9.2-fp1.x
mitel / micollab 9.2 9.2.x