Vulnerability Description
A SQL injection vulnerability in in the web conferencing component of Mitel MiCollab AWV before 8.1.2.2 could allow an unauthenticated attack due to insufficient input validation for the registeredList.cgi page. A successful exploit could allow an attacker to extract sensitive information from the database and execute arbitrary scripts.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mitel | Micollab Audio\, Web \& Video Conferencing | <= 8.0.2.301 |
Related Weaknesses (CWE)
References
- https://www.mitel.com/support/security-advisoriesVendor Advisory
- https://www.mitel.com/support/security-advisories/mitel-product-security-advisorVendor Advisory
- https://www.mitel.com/support/security-advisoriesVendor Advisory
- https://www.mitel.com/support/security-advisories/mitel-product-security-advisorVendor Advisory
FAQ
What is CVE-2019-19608?
CVE-2019-19608 is a vulnerability with a CVSS score of 9.8 (CRITICAL). A SQL injection vulnerability in in the web conferencing component of Mitel MiCollab AWV before 8.1.2.2 could allow an unauthenticated attack due to insufficient input validation for the registeredLis...
How severe is CVE-2019-19608?
CVE-2019-19608 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2019-19608?
Check the references section above for vendor advisories and patch information. Affected products include: Mitel Micollab Audio\, Web \& Video Conferencing.