CVE-2021-27402

The SAS Admin portal of Mitel MiCollab before 9.2 FP2 could allow an unauthenticated attacker to access (view and modify) user data by injecting arbitrary directory paths due to improper URL validation, aka Directory Traversal. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt