Mitel Product Security Advisory OBSO-2408-01

Unify OpenScape Business Sensitive Information Disclosure Vulnerability

Advisory ID: OBSO-2408-01

Publish Date: 2024-08-14

Last Updated: 2024-08-14

Revision: 1.0

Summary

A vulnerability that discloses sensitive information in the UC Suite of the Unify OpenScape Business application could allow an authenticated attacker with administrative privileges to disclose sensitive information due to insufficient protection measures. A successful exploit requires a malicious user to gain access to administrative functionality for backup and diagnostics functions or data. This vulnerability could compromise the security of the user's OpenScape Business UC account.

The vulnerability severity is rated as medium.

Mitel is recommending customers with affected product versions update to the latest release.

Affected Products

Product statements are related only to supported product versions. Products which have reached End of Support (M44) status are not considered.

Products confirmed affected

Product Name

Product Version

Available Solution(s)

Unify OpenScape Business Application

V3 R3.1.1_009 and earlier

Upgrade to fixed version V3 R3.2.0_553 (GA update) or later
Upgrade to fixed version V3 R3.2.1_005 (HF2) or later

Risk Assessment

CVSS3.1 Base score: 4.9 (Medium)

AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

A successful exploitation could lead to subsequent attacks with increased risk. Customers are strongly advised to update to the solution version as soon as feasible or apply the available mitigations.

Mitigation / Recommended Action

Mitel is recommending customers with affected product versions update to the latest versions.
Customers who are concerned to address potential residual risk are recommended to update UC Suite user passwords.

Customers are encouraged to consult the Knowledge Management System (KMS) article KB000109550 for detailed technical instructions on how to change passwords.
For registered partners: https://atosunify.service-now.com/kb_view.do?sysparm_article=KB000109550
Please log in to the Unify support portal to view this link.

Revision History

Version	Date	Description
1.0	2024-08-14	Initial release

Advisory: OBSO-2408-01, status: general release
Security Advisories are released as part of Mitel Unify's Vulnerability Intelligence Process. For more information see https://www.mitel.com/support/security-advisories.

Contact and Disclaimer

Mitel Product Security Office
[email protected]
© Unify Software and Solutions GmbH & Co. KG 2024
Otto-Hahn-Ring 6
D-81739 München
www.mitel.com

The information provided in this document contains merely general descriptions or characteristics of performance which in case of actual use do not always apply as described or which may change as a result of further development of the products. An obligation to provide the respective characteristics shall only exist if expressly agreed in the terms of contract. Availability and technical specifications are subject to change without notice.
Unify, OpenScape, OpenStage and HiPath are registered trademarks of Unify Software and Solutions GmbH & Co. KG.

All other company, brand, product, and service names are trademarks or registered trademarks of their respective holders.

First Name

Last Name

Email Address

Relationship to Mitel

By providing the above information, you agree that we may process your personal data in accordance with our Privacy Policy.

Do you agree to the terms and conditions of using our services?