Mitel Product Security Advisory 18-0005

Mitel for Salesforce XSS Vulnerability

Advisory ID: 18-0005
Publish Date: 2018-03-06
Revision: 1.0

Summary

A blind Cross-site Scripting (XSS) vulnerability has been identified in Mitel for Salesforce softphone component used with Connect ONSITE and ST 14.2. To successfully exploit this vulnerability, an attacker must enter malicious code into the database. When the Mitel for Salesforce softphone component renders data in the browser, the vulnerability could allow an injected malicious script to execute in the context of the integration allowing disclosure and modification of data, and impacting the availability of the component for the impacted user.

This vulnerability was privately reported to Mitel. Mitel is not aware of customers that have been impacted by this vulnerability.

Mitel has made available an updated release to address this vulnerability.

Credit is given to Ben Sadeghipour - NahamSec.com for the discovery.

Affected Products

A Security Bulletin is being issued for the following product:

Product Name

Product Versions

Security Bulletin

Last Updated

Mitel for Salesforce

5.3.0.21 and earlier

18-0005-001

2018-03-06

Risk Assessment

The risk of this vulnerability is rated as high. Refer to the product Security Bulletin for additional statements regarding risk.

Mitigation / Recommended Action

Mitel has made available an updated release to address this vulnerability. In most cases, this update will be automatically deployed to users. Customers who are concerned should review the Security Bulletin for steps to verify and if required update their Mitel for SalesForce software.

Customers are advised to review the product Security Bulletin. For additional information, contact your partner or Mitel customer support at: https://oneview.mitel.com/s/support.

External References
n/a

Related CVEs / CWEs / Advisories
n/a

Revision History

Version

Date

Description

1.0

2018-03-06

Initial version

Attachment(s)

Security Bulletin 18 0005 001

Pourquoi choisir Mitel

Produits et Services

Partenaires

Clients

Ressources

Nos secteurs d'expertise

Taille d’Entreprise

Les besoins de votre entreprise

Produits

Services

Partenaire avec Mitel

Aide aux partenaires

Formations pour les partenaires

Mitel Solutions Alliance

Développeurs CloudLink

CLIMB

Ressources pour les clients

Développer les capacités

Carrières

Communiqués de presse

Centre de documentation technique

Avis de sécurité

Blog

Centre de ressources

Santé

Finance

Administrations Publiques

Hôtellerie

Education

Systèmes et solutions téléphoniques d'entreprise

Collaboration

Contact Center

Téléphones et accessoires

Mission critique et solutions verticales

Phases du cycle de vie

À la une

Mitel for Salesforce XSS Vulnerability

Prêt à parler aux ventes ? Contactez-nous.