15-0012-004

Security Bulletin for MiVoice Business Express (MiVB-X)
SECURITY BULLETIN ID: 15-0012-004
RELEASE VERSION: 1.0
DATE: 2016-02-01
OVERVIEW
This security bulletin provides product-specific details on the vulnerability described in Mitel Security Advisory 15-0012.
Visit http://www.mitel.com/security-advisories for more details.
Multiple vulnerabilities have been identified in specific versions of Oracle Java. The reported issues have varied levels
of risk, some of which were rated as high. Details for some issues are undisclosed by the vendor.
As a precautionary measure, Mitel is updating products to use unaffected versions of Java. The corresponding CVEs
are identified in this Security Bulletin; customers are advised to consult these CVEs and vendor references for
technical details.
APPLICABLE PRODUCTS
This security bulletin provides information on the following products:
PRODUCT NAME: MiCollab with Voice (MiCV)
VERSION(S) AFFECTED: MiCV 6.0 SP1 & SP2 (6.0.123.0, 6.0.205.0, 6.0.207.0)
SOLUTION(S) AVAILABLE: MiVoice Business Express (MiVB-X) 7.0 (7.0.0.102) OVA
RISK / EXPOSURE
The following CVEs are potentially applicable to NPM (listed in order of ID):
CVE-2015-4734, CVE-2015-4803, CVE-2015-4805, CVE-2015-4806,
CVE-2015-4842, CVE-2015-4843, CVE-2015-4860, CVE-2015-4872,
CVE-2015-4883, CVE-2015-4893, CVE-2015-4903, CVE-2015-4911
Because limited information is available, Mitel’s ability to confirm applicability and resolution is limited; Mitel is
therefore relying on the vendor’s assertion.
The aforementioned CVEs have varied levels of risk. Please consult the CVEs for additional details.
MITIGATION / WORKAROUNDS
No workarounds are available.
Mitigation is available through a newer version of MiVoice Business Express 7.0 software (7.0.0.102) in the form of an
OVA that can be deployed to a VMware environment. For Hyper-V deployments, the software ISOs can be
downloaded from MOL.
PATCH INFORMATION
A new release of MSL is available, which provides an updated Java runtime environment, as well as other fixes.
Customers are advised to update to MSL 10.1.47.0 or higher. Alternatively, customers can update MiVoice Business
Express to an unaffected version. Customers are advised to contact Product Support for more information.
© Copyright 2016, Mitel Networks Corporation. All Rights Reserved.
The Mitel word and logo are trademarks of Mitel Networks Corporation.
Any references to third-party trademarks are for reference only, and Mitel makes no representation of the ownership of
these marks.