{"api_version":"1","generated_at":"2026-04-23T01:19:11+00:00","cve":"CVE-2018-18819","urls":{"html":"https://cve.report/CVE-2018-18819","api":"https://cve.report/api/cve/CVE-2018-18819.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2018-18819","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2018-18819"},"summary":{"title":"CVE-2018-18819","description":"A vulnerability in the web conference chat component of MiCollab, versions 7.3 PR6 (7.3.0.601) and earlier, and 8.0 (8.0.0.40) through 8.0 SP2 FP2 (8.0.2.202), and MiVoice Business Express versions 7.3 PR3 (7.3.1.302) and earlier, and 8.0 (8.0.0.40) through 8.0 SP2 FP1 (8.0.2.202), could allow creation of unauthorized chat sessions, due to insufficient access controls. A successful exploit could allow execution of arbitrary commands.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2019-11-12 14:15:00","updated_at":"2019-11-14 15:40:00"},"problem_types":["CWE-863"],"metrics":[],"references":[{"url":"https://www.mitel.com/support/security-advisories","name":"https://www.mitel.com/support/security-advisories","refsource":"MISC","tags":["Vendor Advisory"],"title":"Security Advisories","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-18-0012","name":"https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-18-0012","refsource":"CONFIRM","tags":["Vendor Advisory"],"title":"Mitel Product Security Advisory 18-0012","mime":"text/html","httpstatus":"403","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2018-18819","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-18819","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2018","cve_id":"18819","vulnerable":"1","versionEndIncluding":"7.3.0.601","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mitel","cpe5":"micollab","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"18819","vulnerable":"1","versionEndIncluding":"8.0.2.202","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mitel","cpe5":"micollab","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"18819","vulnerable":"1","versionEndIncluding":"7.3.1.302","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mitel","cpe5":"mivoice_business_express","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"18819","vulnerable":"1","versionEndIncluding":"8.0.2.202","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mitel","cpe5":"mivoice_business_express","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2018-18819","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"A vulnerability in the web conference chat component of MiCollab, versions 7.3 PR6 (7.3.0.601) and earlier, and 8.0 (8.0.0.40) through 8.0 SP2 FP2 (8.0.2.202), and MiVoice Business Express versions 7.3 PR3 (7.3.1.302) and earlier, and 8.0 (8.0.0.40) through 8.0 SP2 FP1 (8.0.2.202), could allow creation of unauthorized chat sessions, due to insufficient access controls. A successful exploit could allow execution of arbitrary commands."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"url":"https://www.mitel.com/support/security-advisories","refsource":"MISC","name":"https://www.mitel.com/support/security-advisories"},{"refsource":"CONFIRM","name":"https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-18-0012","url":"https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-18-0012"}]}},"nvd":{"publishedDate":"2019-11-12 14:15:00","lastModifiedDate":"2019-11-14 15:40:00","problem_types":["CWE-863"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE","baseScore":5.3,"baseSeverity":"MEDIUM"},"exploitabilityScore":3.9,"impactScore":1.4},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:P/A:N","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE","baseScore":5},"severity":"MEDIUM","exploitabilityScore":10,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mitel:mivoice_business_express:*:*:*:*:*:*:*:*","versionStartIncluding":"8.0.0.40","versionEndIncluding":"8.0.2.202","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mitel:mivoice_business_express:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0","versionEndIncluding":"7.3.1.302","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mitel:micollab:*:*:*:*:*:*:*:*","versionStartIncluding":"8.0.0.40","versionEndIncluding":"8.0.2.202","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mitel:micollab:*:*:*:*:*:*:*:*","versionStartIncluding":"7.3","versionEndIncluding":"7.3.0.601","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2018","CveId":"18819","Ordinal":"135745","Title":"CVE-2018-18819","CVE":"CVE-2018-18819","Year":"2018"},"notes":[{"CveYear":"2018","CveId":"18819","Ordinal":"1","NoteData":"A vulnerability in the web conference chat component of MiCollab, versions 7.3 PR6 (7.3.0.601) and earlier, and 8.0 (8.0.0.40) through 8.0 SP2 FP2 (8.0.2.202), and MiVoice Business Express versions 7.3 PR3 (7.3.1.302) and earlier, and 8.0 (8.0.0.40) through 8.0 SP2 FP1 (8.0.2.202), could allow creation of unauthorized chat sessions, due to insufficient access controls. A successful exploit could allow execution of arbitrary commands.","Type":"Description","Title":null},{"CveYear":"2018","CveId":"18819","Ordinal":"2","NoteData":"2019-11-12","Type":"Other","Title":"Published"},{"CveYear":"2018","CveId":"18819","Ordinal":"3","NoteData":"2019-11-12","Type":"Other","Title":"Modified"}]}}}