CVE-2021-3352
9.1 CRITICALThe Software Development Kit in Mitel MiContact Center Business from 8.0.0.0 through 8.1.4.1 and 9.0.0.0 through 9.3.1.0 could allow an u...
Published: 2021-08-13 · Last updated: 2026-06-17
Severity and scoring
- CVSS
- 9.1 CRITICAL
- Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Affected products
| Vendor | Product |
|---|---|
| mitel | micontact_center_business |
Description
The Software Development Kit in Mitel MiContact Center Business from 8.0.0.0 through 8.1.4.1 and 9.0.0.0 through 9.3.1.0 could allow an unauthenticated attacker to access (view and modify) user data without authorization due to improper handling of tokens.
Source: NVD
References
- [NVD]https://nvd.nist.gov/vuln/detail/CVE-2021-3352
- [Vendor advisory]https://www.mitel.com/support/security-advisories
- [Vendor advisory]https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-21-0002
- [Vendor advisory]https://www.mitel.com/support/security-advisories
- [Vendor advisory]https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-21-0002
Related CVEs
Same vendor
- CVE-2021-3176 — The chat window of the Mitel BusinessCTI Enterprise (MBC-E) Client for Windows before 6.4.15 and 7.x before 7.1.2 could allow an attacker... (8.0 HIGH)
- CVE-2018-3639 — Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior ... (5.5 MEDIUM)