Vulnerability Details CVE-2019-19607
A SQL injection vulnerability in the web conferencing component of Mitel MiCollab AWV before 8.1.2.2 could allow an unauthenticated attack due to insufficient input validation for the session parameter. A successful exploit could allow an attacker to extract sensitive information from the database and execute arbitrary scripts.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.009
EPSS Ranking 75.1%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
Products affected by CVE-2019-19607
-
_web_&_video_conferencing:-
-
_web_&_video_conferencing:5.0
-
_web_&_video_conferencing:5.0.5.7
-
_web_&_video_conferencing:6.0
-
_web_&_video_conferencing:6.0.0.61
-
_web_&_video_conferencing:6.1
-
_web_&_video_conferencing:6.1.0.28
-
_web_&_video_conferencing:6.2
-
_web_&_video_conferencing:6.2.2.8
-
_web_&_video_conferencing:6.3
-
_web_&_video_conferencing:6.3.0.103
-
_web_&_video_conferencing:7.3
-
_web_&_video_conferencing:8.0
-
_web_&_video_conferencing:8.0.2.301
-
_web_&_video_conferencing:8.1
-
_web_&_video_conferencing:8.1.1.11
-
cpe:2.3:a:mitel:micollab_audio