{"api_version":"1","generated_at":"2026-05-13T08:26:29+00:00","cve":"CVE-2021-3352","urls":{"html":"https://cve.report/CVE-2021-3352","api":"https://cve.report/api/cve/CVE-2021-3352.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2021-3352","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2021-3352"},"summary":{"title":"CVE-2021-3352","description":"The Software Development Kit in Mitel MiContact Center Business from 8.0.0.0 through 8.1.4.1 and 9.0.0.0 through 9.3.1.0 could allow an unauthenticated attacker to access (view and modify) user data without authorization due to improper handling of tokens.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2021-08-13 16:15:00","updated_at":"2021-08-25 13:55:00"},"problem_types":["NVD-CWE-Other"],"metrics":[],"references":[{"url":"https://www.mitel.com/support/security-advisories","name":"https://www.mitel.com/support/security-advisories","refsource":"MISC","tags":[],"title":"Security Advisories","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-21-0002","name":"https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-21-0002","refsource":"MISC","tags":[],"title":"Mitel Product Security Advisory 21-0001","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2021-3352","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3352","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2021","cve_id":"3352","vulnerable":"1","versionEndIncluding":"8.1.4.1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mitel","cpe5":"micontact_center_business","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"3352","vulnerable":"1","versionEndIncluding":"9.3.1.0","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mitel","cpe5":"micontact_center_business","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2021-3352","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"The Software Development Kit in Mitel MiContact Center Business from 8.0.0.0 through 8.1.4.1 and 9.0.0.0 through 9.3.1.0 could allow an unauthenticated attacker to access (view and modify) user data without authorization due to improper handling of tokens."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"url":"https://www.mitel.com/support/security-advisories","refsource":"MISC","name":"https://www.mitel.com/support/security-advisories"},{"refsource":"MISC","name":"https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-21-0002","url":"https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-21-0002"}]}},"nvd":{"publishedDate":"2021-08-13 16:15:00","lastModifiedDate":"2021-08-25 13:55:00","problem_types":["NVD-CWE-Other"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE","baseScore":9.1,"baseSeverity":"CRITICAL"},"exploitabilityScore":3.9,"impactScore":5.2},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:N","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE","baseScore":6.4},"severity":"MEDIUM","exploitabilityScore":10,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mitel:micontact_center_business:*:*:*:*:*:*:*:*","versionStartIncluding":"9.0.0.0","versionEndIncluding":"9.3.1.0","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mitel:micontact_center_business:*:*:*:*:*:*:*:*","versionStartIncluding":"8.0.0.0","versionEndIncluding":"8.1.4.1","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2021","CveId":"3352","Ordinal":"201498","Title":"CVE-2021-3352","CVE":"CVE-2021-3352","Year":"2021"},"notes":[{"CveYear":"2021","CveId":"3352","Ordinal":"1","NoteData":"The Software Development Kit in Mitel MiContact Center Business from 8.0.0.0 through 8.1.4.1 and 9.0.0.0 through 9.3.1.0 could allow an unauthenticated attacker to access (view and modify) user data without authorization due to improper handling of tokens.","Type":"Description","Title":null},{"CveYear":"2021","CveId":"3352","Ordinal":"2","NoteData":"2021-08-13","Type":"Other","Title":"Published"},{"CveYear":"2021","CveId":"3352","Ordinal":"3","NoteData":"2021-08-13","Type":"Other","Title":"Modified"}]}}}