CVE-2023-22854
CVE-2023-22854
7.5
HighPublished:
Last updated:
Source:cve@mitre.org
Modified
Weakness (CWE)
CVSS Vector
v3.1- Attack Vector
- Network
- Attack Complexity
- Low
- Privileges Required
- None
- User Interaction
- None
- Scope
- Unchanged
- Confidentiality
- High
- Integrity
- None
- Availability
- None
Description
The ccmweb component of Mitel MiContact Center Business server 9.2.2.0 through 9.4.1.0 could allow an unauthenticated attacker to download arbitrary files, due to insufficient restriction of URL parameters. A successful exploit could allow access to sensitive information.
References
cve@mitre.org
https://www.mitel.com/support/security-advisoriescve@mitre.org
https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-23-0001af854a3a-2127-422b-91ae-364da2661108
https://www.mitel.com/support/security-advisoriesaf854a3a-2127-422b-91ae-364da2661108
https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-23-0001