1. Home
  2. CVE Database
  3. CVE-2018-18819
MEDIUM · 5.3

CVE-2018-18819

A vulnerability in the web conference chat component of MiCollab, versions 7.3 PR6 (7.3.0.601) and earlier, and 8.0 (8.0.0.40) through 8.0 SP2 FP2 (8.0.2.202), and MiVoice Business Express versions 7....

Vulnerability Description

A vulnerability in the web conference chat component of MiCollab, versions 7.3 PR6 (7.3.0.601) and earlier, and 8.0 (8.0.0.40) through 8.0 SP2 FP2 (8.0.2.202), and MiVoice Business Express versions 7.3 PR3 (7.3.1.302) and earlier, and 8.0 (8.0.0.40) through 8.0 SP2 FP1 (8.0.2.202), could allow creation of unauthorized chat sessions, due to insufficient access controls. A successful exploit could allow execution of arbitrary commands.

CVSS Score

5.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
NONE
Integrity
LOW
Availability
NONE

Affected Products

VendorProductVersions
MitelMicollab>= 7.3, <= 7.3.0.601
MitelMivoice Business Express>= 7.0, <= 7.3.1.302

Related Weaknesses (CWE)

CWE-863

References

FAQ

What is CVE-2018-18819?

CVE-2018-18819 is a vulnerability with a CVSS score of 5.3 (MEDIUM). A vulnerability in the web conference chat component of MiCollab, versions 7.3 PR6 (7.3.0.601) and earlier, and 8.0 (8.0.0.40) through 8.0 SP2 FP2 (8.0.2.202), and MiVoice Business Express versions 7....

How severe is CVE-2018-18819?

CVE-2018-18819 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-18819?

Check the references section above for vendor advisories and patch information. Affected products include: Mitel Micollab, Mitel Mivoice Business Express.