16-0001-001

Security Bulletin for MiCollab
SECURITY BULLETIN ID: 16-0001-001
RELEASE VERSION: 1.0
DATE: 2016-02-01
SECURITY BULLETIN 16-0001-001 V1.0
OVERVIEW
This security bulletin provides product-specific details on the vulnerability described in Mitel Security Advisory 16-0001.
Visit http://www.mitel.com/security-advisories for more details.
APPLICABLE PRODUCTS
This security bulletin provides information on the following products:
PRODUCT NAME
VERSION(S) AFFECTED
SOLUTION(S) AVAILABLE
MiCollab
7.0
Patch for 7.0 PR1 available
RISK / EXPOSURE
An SQL injection vulnerability has been identified within the MiCollab product which may allow the attacker access to
sensitive information in the MiCollab database.
CVSS V2.0 OVERALL SCORE:
8.1
CVSS V2.0 VECTOR:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS BASE SCORE:
7.5
CVSS TEMPORAL SCORE:
6.8
CVSS ENVIRONMENTAL SCORE:
8.1
OVERALL RISK LEVEL:
HIGH
MITIGATION / WORKAROUNDS
No mitigation / workarounds are available
PATCH INFORMATION
A patch based on MiCollab 7.0 PR1 is available to customers, identified as 'SAS 7.0.0.97'. This patch must be
manually installed from the Mitel AMC. Please contact product support for further details on how to obtain and apply
this patch.
© Copyright 2016, Mitel Networks Corporation. All Rights Reserved.
The Mitel word and logo are trademarks of Mitel Networks Corporation.
Any reference to third party trademarks are for reference only and Mitel makes no representation of the ownership of
these marks.