15-0013-001

Security Bulletin for MiVoice Business
SECURITY BULLETIN ID: 15-0013-001
RELEASE VERSION: 1.0
DATE: 2016-02-01
OVERVIEW
This security bulletin provides product-specific details on the vulnerability described in Mitel Security Advisory 15-0013.
Visit http://www.mitel.com/security-advisories for more details.
Mitel is aware of a deserialization vulnerability in the Apache Commons Collections (ACC) Java library, which impacts MiVB's proprietary Scheduler Java application.
APPLICABLE PRODUCTS
This security bulletin provides information on the following products:
PRODUCT NAME: MiVB
VERSION(S) AFFECTED: 7.2 and earlier
SOLUTION(S) AVAILABLE: Update to v7.2 SP1

PRODUCT NAME: MiVoice Business for Industry Standard Server, Stratus, VMware Virtual Appliance, Multi-instance platform (tenants only)
VERSION(S) AFFECTED: 7.2 and earlier
SOLUTION(S) AVAILABLE: Update to v7.2 SP1
RISK / EXPOSURE
The vulnerability is rated as having moderate risk.
CVSS V2.0 OVERALL SCORE: 6.0
CVSS V2.0 VECTOR: AV:N/AC:M/Au:S/C:P/I:P/A:P
CVSS BASE SCORE: 6.0
CVSS TEMPORAL SCORE: n/a
CVSS ENVIRONMENTAL SCORE: n/a
OVERALL RISK LEVEL: Medium
In practice, the risk is anticipated to be much lower as the exposure is limited to an administrative function and
administrator credentials are required to exploit the vulnerability.
MITIGATION / WORKAROUNDS
No mitigation / workarounds are available.
PATCH INFORMATION
Customers are advised to update to MiVB v7.2 SP1. Please contact Mitel Product Support for additional information.
© Copyright 2016, Mitel Networks Corporation. All Rights Reserved.
The Mitel word and logo are trademarks of Mitel Networks Corporation.
Any reference to third party trademarks is for reference only and Mitel makes no representation of the ownership of these marks.