nvd-json-data-feeds/CVE-2020/CVE-2020-256xx/CVE-2020-25611.json

{
  "id": "CVE-2020-25611",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2020-12-18T08:15:14.717",
  "lastModified": "2021-07-21T11:39:23.747",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "The AWV portal of Mitel MiCollab before 9.2 could allow an attacker to gain access to conference information by sending arbitrary code due to improper input validation, aka XSS. Successful exploitation could allow an attacker to view user conference information."
    },
    {
      "lang": "es",
      "value": "El portal AWV de Mitel MiCollab versiones anteriores a 9.2, podr\u00eda permitir a un atacante conseguir acceso a la informaci\u00f3n de la conferencia mediante el env\u00edo de c\u00f3digo arbitrario debido a una comprobaci\u00f3n inapropiada de la entrada, tambi\u00e9n se conoce como XSS. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir a un atacante visualizar una informaci\u00f3n de la conferencia de usuario"
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "REQUIRED",
          "scope": "CHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "accessVector": "NETWORK",
          "accessComplexity": "MEDIUM",
          "authentication": "NONE",
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "availabilityImpact": "NONE",
          "baseScore": 4.3
        },
        "baseSeverity": "MEDIUM",
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": true
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        },
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:mitel:micollab:*:*:*:*:*:-:*:*",
              "versionEndExcluding": "9.2",
              "matchCriteriaId": "200AECAB-6B5A-4881-852F-F9ABFB241E3C"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://www.mitel.com/support/security-advisories",
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ]
    }
  ]
}