CVE-2021-3176
HIGHMitel BusinessCTI Enterprise < 6.4.15 and 7.x < 7.1.2 - Information Disclosure via HTTP Link Input Validation
Title source: llmDescription
The chat window of the Mitel BusinessCTI Enterprise (MBC-E) Client for Windows before 6.4.15 and 7.x before 7.1.2 could allow an attacker to gain access to user information by sending certain code, due to improper input validation of http links. A successful exploit could allow an attacker to view user information and application data.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_misc
https://www.mitel.com/support/security-advisories
Vendor Advisory x_refsource_confirm
https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-21-0001
Scores
CVSS v3
8.0
EPSS
0.0088
EPSS Percentile
54.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-20
Status
published
Products (1)
mitel/businesscti_enterprise
< 6.4.15
Published
Jan 29, 2021
Tracked Since
Feb 18, 2026