CVE-2020-25608

HIGH

Mitel MiCollab < 9.2 - SQL Injection via SAS Portal

Title source: llm
STIX 2.1

Description

The SAS portal of Mitel MiCollab before 9.2 could allow an attacker to access user credentials due to improper input validation, aka SQL Injection.

References (1)

Core 1
Core References
Vendor Advisory x_refsource_misc
https://www.mitel.com/support/security-advisories

Scores

CVSS v3 7.2
EPSS 0.0089
EPSS Percentile 54.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-20 CWE-89
Status published
Products (1)
mitel/micollab < 9.2
Published Dec 18, 2020
Tracked Since Feb 18, 2026