Americas
Oceania
Sélectionnez la région / le pays / la langue
Advisory ID: 21-0001
Publish Date: 2021-01-25
Last Updated: 2021-01-25
Revision: 1.0
The chat window of the Mitel BusinessCTI Enterprise (MBC-E) Client for Windows could allow an attacker to gain access to user information by sending arbitrary code, due to improper input validation of http links. A successful exploit could allow an attacker to view the user information and application data.
Mitel is recommending customers with affected product versions, update to the latest release.
Product Name | Product Version | Security Bulletin | Last Updated |
---|---|---|---|
Mitel BusinessCTI Enterprise (MBC-E) |
6.4.14 and earlier 7.1.1 and earlier |
2021-1-25 |
Mitel has issued new releases of the affected software. Customers are advised to update their software to the latest versions.
As a workaround, the chat functionality of Mitel BusinessCTI Enterprise (MBC-E) can be temporarily disabled to prevent the chat window from opening.
Mitel partners and customers are advised to review the product Security Bulletin. For additional information, contact Product Support.
Version | Date | Description |
---|---|---|
1.0 | 2021-1-25 | Initial version |