CVE-2021-32070

MEDIUM

Mitel MiCollab <9.3 - CSRF

Title source: llm

Description

The MiCollab Client Service component in Mitel MiCollab before 9.3 could allow an attacker to perform a clickjacking attack due to an insecure header response. A successful exploit could allow an attacker to modify the browser header and redirect users.

References (2)

[Vendor Advisory] https://www.mitel.com/support/security-advisories

[Vendor Advisory] https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-21-0005

Scores

CVSS v3 5.4

EPSS 0.0017

EPSS Percentile 38.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Details

CWE

CWE-1021

Status published

Products (1)

mitel/micollab < 9.3

Published Aug 13, 2021

Tracked Since Feb 18, 2026