Mitel Forums - The Unofficial Source

Mitel Forums => Mitel Software Applications => Topic started by: lundah on December 15, 2021, 10:48:33 AM

Title: MiCollab 9.x Log4j vulnerability
Post by: lundah on December 15, 2021, 10:48:33 AM

In case you missed the post in the MiVB/3300 forum, MiCollab 9.x is impacted by the Log4j vulnerability. Mitel has issued a security advisory and a patch, which requires a reboot of the MiCollab server:

https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-21-0010 (https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-21-0010)

Title: Re: MiCollab 9.x Log4j vulnerability
Post by: mark.vanderheijden on December 16, 2021, 04:07:50 AM

Not only 9.x servers but also 8.x, you can apply the same patch for that versions.

Title: Re: MiCollab 9.x Log4j vulnerability
Post by: lundah on December 16, 2021, 08:43:28 AM

Quote from: mark.vanderheijden on December 16, 2021, 04:07:50 AM

Not only 9.x servers but also 8.x, you can apply the same patch for that versions.

Well that's new since I looked at this yesterday. Guess I have a few more systems to patch.

Title: Re: MiCollab 9.x Log4j vulnerability
Post by: lundah on December 17, 2021, 03:49:04 PM

A couple more updates are out, MiCollab 7.1 and newer, and MiVB Express 7.1 thru 8.0 are vulnerable and should be patched. Same patch procedure for all versions of these platforms.

EX controller running MiVB 9.2 is also vulnerable but a patch is not out yet.