Security Bulletin for MiCollab SECURITY BULLETIN ID: 16-0001-001 RELEASE VERSION: 1.0 DATE: 2016-02-01 SECURITY BULLETIN 16-0001-001 V1.0 OVERVIEW This security bulletin provides product-specific details on the vulnerability described in Mitel Security Advisory 16-0001. Visit http://www.mitel.com/security-advisories for more details. APPLICABLE PRODUCTS This security bulletin provides information on the following products: PRODUCT NAME VERSION(S) AFFECTED SOLUTION(S) AVAILABLE MiCollab 7.0 Patch for 7.0 PR1 available RISK / EXPOSURE An SQL injection vulnerability has been identified within the MiCollab product which may allow the attacker access to sensitive information in the MiCollab database. CVSS V2.0 OVERALL SCORE: 8.1 CVSS V2.0 VECTOR: AV:N/AC:L/Au:N/C:P/I:P/A:P CVSS BASE SCORE: 7.5 CVSS TEMPORAL SCORE: 6.8 CVSS ENVIRONMENTAL SCORE: 8.1 OVERALL RISK LEVEL: HIGH MITIGATION / WORKAROUNDS No mitigation / workarounds are available PATCH INFORMATION A patch based on MiCollab 7.0 PR1 is available to customers, identified as 'SAS 7.0.0.97'. This patch must be manually installed from the Mitel AMC. Please contact product support for further details on how to obtain and apply this patch. © Copyright 2016, Mitel Networks Corporation. All Rights Reserved. The Mitel word and logo are trademarks of Mitel Networks Corporation. Any reference to third party trademarks are for reference only and Mitel makes no representation of the ownership of these marks.