Description
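The MiCollab Client Service component in Mitel MiCollab before 9.3 could allow an attacker to perform a clickjacking attack due to an insecure header response. A successful exploit could allow an attacker to modify the browser header and redirect users. The record below classifies the issue as CWE-1021 (Improper Restriction of Rendered UI Layers or Frames) and scores it CVSS 3.1 5.4 (Medium) with user interaction required. The fix boundary it lists is version 9.3, and the vendor reference is Mitel Product Security Advisory 21-0005. The record does not name the affected header. Framing restrictions are normally delivered through `X-Frame-Options` or a `Content-Security-Policy` `frame-ancestors` directive, so those are the response headers to verify on a deployment that has not yet been upgraded.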
Affected Software
Related
{"id": "CVE-2021-32070", "vendorId": null, "type": "cve", "bulletinFamily": "NVD", "title": "CVE-2021-32070", "description": "The MiCollab Client Service component in Mitel MiCollab before 9.3 could allow an attacker to perform a clickjacking attack due to an insecure header response. A successful exploit could allow an attacker to modify the browser header and redirect users.", "published": "2021-08-13T16:15:00", "modified": "2021-08-23T18:07:00", "epss": [{"cve": "CVE-2021-32070", "epss": 0.00078, "percentile": 0.31861, "modified": "2023-05-27"}], "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "NONE", "baseScore": 5.8}, "severity": "MEDIUM", "exploitabilityScore": 8.6, "impactScore": 4.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM"}, "exploitabilityScore": 2.8, "impactScore": 2.5}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32070", "reporter": "cve@mitre.org", "references": ["https://www.mitel.com/support/security-advisories", "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-21-0005"], "cvelist": ["CVE-2021-32070"], "immutableFields": [], "lastseen": "2023-05-27T14:43:58", "viewCount": 21, "enchantments": {"dependencies": {"references": [{"type": "cnvd", "idList": 
["CNVD-2021-62454"]}]}, "score": {"value": 4.6, "vector": "NONE"}, "backreferences": {}, "exploitation": null, "affected_software": {"major_version": [{"name": "mitel micollab", "version": 9}]}, "epss": [{"cve": "CVE-2021-32070", "epss": 0.00078, "percentile": 0.31721, "modified": "2023-05-08"}], "vulnersScore": 4.6}, "_state": {"dependencies": 1685211539, "score": 1685200094, "affected_software_major_version": 0, "epss": 0}, "_internal": {"score_hash": "bcab90c6d9d90abbc528e2adbbf7a751"}, "cna_cvss": {"cna": null, "cvss": {}}, "cpe": [], "cpe23": [], "cwe": ["CWE-1021"], "affectedSoftware": [{"cpeName": "mitel:micollab", "version": "9.3", "operator": "lt", "name": "mitel micollab"}], "affectedConfiguration": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:a:mitel:micollab:9.3:*:*:*:*:-:*:*", "versionEndExcluding": "9.3", "cpe_name": []}]}]}, "extraReferences": [{"url": "https://www.mitel.com/support/security-advisories", "name": "https://www.mitel.com/support/security-advisories", "refsource": "MISC", "tags": ["Vendor Advisory"]}, {"url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-21-0005", "name": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-21-0005", "refsource": "MISC", "tags": ["Vendor Advisory"]}], "product_info": [{"vendor": "Mitel", "product": "Micollab"}], "solutions": [], "workarounds": [], "impacts": [], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "exploits": [], "assigned": "1976-01-01T00:00:00"}
{"prion": [{"lastseen": "2023-08-16T04:57:58", "description": "The MiCollab Client Service component in Mitel MiCollab before 9.3 could allow an attacker to perform a clickjacking attack due to an insecure header response. A successful exploit could allow an attacker to modify the browser header and redirect users.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 5.4, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 2.5}, "published": "2021-08-13T16:15:00", "type": "prion", "title": "CVE-2021-32070", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-32070"], "modified": "2021-08-23T18:07:00", "id": "PRION:CVE-2021-32070", "href": "https://kb.prio-n.com/vulnerability/CVE-2021-32070", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}], "cnvd": [{"lastseen": "2022-11-05T10:18:48", "description": "An authorization issue vulnerability exists in Mitel Networks MiCollab, a mobile application from Mitel Networks Canada that provides voice, video, messaging, audio conferencing, and team collaboration for employees, and stems from the product's MiCollab Client Service component does not validate the corresponding header. 
An attacker could redirect the user by modifying the browser header.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 5.4, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 2.5}, "published": "2021-08-17T00:00:00", "type": "cnvd", "title": "Mitel Networks MiCollab Licensing Issue Vulnerability", "bulletinFamily": "cnvd", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-32070"], "modified": "2021-08-17T00:00:00", "id": "CNVD-2021-62454", "href": "https://www.cnvd.org.cn/flaw/show/CNVD-2021-62454", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}]}