Description
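The MiCollab Client Service component in Mitel MiCollab before 9.3 could allow an attacker to view sensitive system information through an HTTP response due to insufficient output sanitization (classified as CWE-116 in the record below). The CVSS 3.1 vector in that record (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N, base score 6.5, MEDIUM) rates the issue as reachable over the network with no privileges or user interaction required; it also scores a low integrity impact, although the description mentions only information disclosure. The record lists only versions before 9.3 as affected, so 9.3 is the first release outside the affected range; Mitel Product Security Advisory 21-0005, linked in the references, is the vendor's guidance.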
Affected Software
Related
{"id": "CVE-2021-32067", "vendorId": null, "type": "cve", "bulletinFamily": "NVD", "title": "CVE-2021-32067", "description": "The MiCollab Client Service component in Mitel MiCollab before 9.3 could allow an attacker to view sensitive system information through an HTTP response due to insufficient output sanitization.", "published": "2021-08-13T16:15:00", "modified": "2021-08-23T18:40:00", "epss": [{"cve": "CVE-2021-32067", "epss": 0.00078, "percentile": 0.31861, "modified": "2023-05-27"}], "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "NONE", "baseScore": 6.4}, "severity": "MEDIUM", "exploitabilityScore": 10.0, "impactScore": 4.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM"}, "exploitabilityScore": 3.9, "impactScore": 2.5}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32067", "reporter": "cve@mitre.org", "references": ["https://www.mitel.com/support/security-advisories", "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-21-0005"], "cvelist": ["CVE-2021-32067"], "immutableFields": [], "lastseen": "2023-05-27T14:43:57", "viewCount": 21, "enchantments": {"dependencies": {"references": [{"type": "cnvd", "idList": ["CNVD-2021-90923"]}]}, "score": {"value": 1.6, "vector": "NONE"}, 
"backreferences": {}, "exploitation": null, "affected_software": {"major_version": [{"name": "mitel micollab", "version": 9}]}, "epss": [{"cve": "CVE-2021-32067", "epss": 0.00078, "percentile": 0.31721, "modified": "2023-05-08"}], "vulnersScore": 1.6}, "_state": {"dependencies": 1685211539, "score": 1685200094, "affected_software_major_version": 0, "epss": 0}, "_internal": {"score_hash": "5e918b0a29698940ee548415fefaebb9"}, "cna_cvss": {"cna": null, "cvss": {}}, "cpe": [], "cpe23": [], "cwe": ["CWE-116"], "affectedSoftware": [{"cpeName": "mitel:micollab", "version": "9.3", "operator": "lt", "name": "mitel micollab"}], "affectedConfiguration": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:a:mitel:micollab:9.3:*:*:*:*:-:*:*", "versionEndExcluding": "9.3", "cpe_name": []}]}]}, "extraReferences": [{"url": "https://www.mitel.com/support/security-advisories", "name": "https://www.mitel.com/support/security-advisories", "refsource": "MISC", "tags": ["Vendor Advisory"]}, {"url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-21-0005", "name": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-21-0005", "refsource": "MISC", "tags": ["Vendor Advisory"]}], "product_info": [{"vendor": "Mitel", "product": "Micollab"}], "solutions": [], "workarounds": [], "impacts": [], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "exploits": [], "assigned": "1976-01-01T00:00:00"}
{"prion": [{"lastseen": "2023-08-16T04:56:19", "description": "The MiCollab Client Service component in Mitel MiCollab before 9.3 could allow an attacker to view sensitive system information through an HTTP response due to insufficient output sanitization.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 2.5}, "published": "2021-08-13T16:15:00", "type": "prion", "title": "CVE-2021-32067", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-32067"], "modified": "2021-08-23T18:40:00", "id": "PRION:CVE-2021-32067", "href": "https://kb.prio-n.com/vulnerability/CVE-2021-32067", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}], "cnvd": [{"lastseen": "2022-11-05T08:29:55", "description": "An information disclosure vulnerability exists in the MiCollab Client Service component in Mitel MiCollab versions prior to 9.3, an enterprise collaboration software and tools platform solution. The vulnerability stems from insufficient output validation. 
An attacker could exploit the vulnerability to view sensitive system information via HTTP responses.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 2.5}, "published": "2021-08-16T00:00:00", "type": "cnvd", "title": "Mitel MiCollab Information Disclosure Vulnerability", "bulletinFamily": "cnvd", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-32067"], "modified": "2021-11-25T00:00:00", "id": "CNVD-2021-90923", "href": "https://www.cnvd.org.cn/flaw/show/CNVD-2021-90923", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}]}