Advisory ID: 16-0015
Publish Date: 2016-11-04
Revision: 1.0
Summary
The document upload feature in conferences does not validate or restrict the files that a valid user can upload.
Detailed Description
AWV provides a conference leader with the option of uploading documents to the server prior to or during a conference. This feature is vulnerable to an attack in which a malicious user uploads an executable script, which could then be used to gain access to other system files.
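A server-side check of the kind the description says is missing, as an added example: this is not Mitel's code, and AWV's implementation is not shown in this advisory. The allowlist, the size limit and the names `validate_upload` and `UploadRejected` are assumptions.

```python
import os
import secrets

# Assumed allowlist: extension -> accepted leading magic bytes.
ALLOWED = {
    ".pdf": (b"%PDF-",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".pptx": (b"PK\x03\x04",),  # OOXML files are ZIP containers
}
MAX_BYTES = 20 * 1024 * 1024  # assumed size limit


class UploadRejected(ValueError):
    """Raised when an upload fails validation."""


def validate_upload(client_name: str, data: bytes) -> str:
    """Return a server-chosen storage name, or raise UploadRejected."""
    # Discard any directory part the client sent (either separator style).
    base = os.path.basename(client_name.replace("\\", "/"))
    if not base or "\x00" in base:
        raise UploadRejected("bad file name")
    stem, ext = os.path.splitext(base.lower())
    if ext not in ALLOWED:
        raise UploadRejected(f"type {ext or '(none)'} not allowed")
    # Strict rule: refuse inner extensions such as report.php.pdf, since some
    # server configurations select a script handler from an inner extension.
    if "." in stem:
        raise UploadRejected("multiple extensions")
    if len(data) > MAX_BYTES:
        raise UploadRejected("file too large")
    # The content must start with a signature matching the claimed type.
    if not data.startswith(ALLOWED[ext]):
        raise UploadRejected("content does not match extension")
    # Never reuse the client's name on disk; the caller should store the
    # file outside the web root and serve it only as a download.
    return secrets.token_hex(16) + ext


if __name__ == "__main__":
    # Constructed sample uploads, not taken from the advisory.
    samples = [("slides.pdf", b"%PDF-1.4\n"), ("notes.php", b"<?php"),
               ("report.php.pdf", b"%PDF-1.4\n"), ("logo.png", b"<?php")]
    for name, body in samples:
        try:
            print(name, "->", validate_upload(name, body))
        except UploadRejected as err:
            print(name, "-> rejected:", err)
```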
Affected Products
The following products were identified as affected:
Product Name | Product Versions | Security Bulletin | Last Updated |
MiCollab AWV | AWV 6.x, AWV 5.x | 16-0015-001 | 2016-11-04 |
Risk Assessment
This vulnerability has been assessed as having a CVSS v2 Base Score of 6.0, with a moderate level of risk. Refer to the Security Bulletin above for additional information.
Mitigation / Recommended Action
Administrators of affected product versions should ensure that only trusted users are granted permissions to upload files to MiCollab conferences.
External References
https://cwe.mitre.org/data/definitions/434.html
CWE-434