Filtered by vendor Mitel
Total: 147 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-47224 | 1 Mitel | 1 Micollab | 2025-06-24 | 6.5 Medium |
| A vulnerability in the AWV (Audio, Web and Video Conferencing) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to conduct a CRLF injection attack due to inadequate encoding of user input in URLs. A successful exploit could allow an attacker to perform a phishing attack. | ||||
| CVE-2024-28066 | 1 Mitel | 28 6905, 6905 Firmware, 6910 and 25 more | 2025-06-18 | 8.8 High |
| In Unify CP IP Phone firmware 1.10.4.3, Weak Credentials are used (a hardcoded root password). | ||||
| CVE-2024-28069 | 1 Mitel | 1 Micontact Center Business | 2025-06-02 | 7.5 High |
| A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.0.0.4 could allow an unauthenticated attacker to conduct an information disclosure attack due to improper configuration. A successful exploit could allow an attacker to access sensitive information and potentially conduct unauthorized actions within the vulnerable component. | ||||
| CVE-2024-28070 | 1 Mitel | 1 Micontact Center Business | 2025-06-02 | 6.8 Medium |
| A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.0.0.4 could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient input validation. A successful exploit could allow an attacker to access sensitive information and gain unauthorized access. | ||||
| CVE-2024-42514 | 1 Mitel | 1 Micontact Center Business | 2025-05-30 | 8.1 High |
| A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.1.0.4 could allow an unauthenticated attacker to conduct an unauthorized access attack due to inadequate access control checks. A successful exploit requires user interaction and could allow an attacker to access sensitive information and send unauthorized messages during an active chat session. | ||||
| CVE-2024-35283 | 1 Mitel | 1 Micontact Center Business | 2025-05-29 | 6.1 Medium |
| A vulnerability in the Ignite component of Mitel MiContact Center Business through 10.0.0.4 could allow an unauthenticated attacker to conduct a stored cross-site scripting (XSS) attack due to insufficient input validation. | ||||
| CVE-2024-35284 | 1 Mitel | 1 Micontact Center Business | 2025-05-29 | 5.4 Medium |
| A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.0.0.4 could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient input validation. | ||||
| CVE-2023-40266 | 1 Mitel | 1 Unify Openscape Xpressions Webassistant | 2025-05-15 | 9.8 Critical |
| An issue was discovered in Atos Unify OpenScape Xpressions WebAssistant V7 before V7R1 FR5 HF42 P911. It allows path traversal. | ||||
| CVE-2023-40265 | 1 Mitel | 1 Unify Openscape Xpressions Webassistant | 2025-05-15 | 8.8 High |
| An issue was discovered in Atos Unify OpenScape Xpressions WebAssistant V7 before V7R1 FR5 HF42 P911. It allows authenticated remote code execution via file upload. | ||||
| CVE-2022-36454 | 1 Mitel | 1 Micollab | 2025-05-07 | 6.5 Medium |
| A vulnerability in the MiCollab Client API of Mitel MiCollab through 9.5.0.101 could allow an authenticated attacker to modify their profile parameters due to improper authorization controls. A successful exploit could allow the authenticated attacker to impersonate another user's name. | ||||
| CVE-2022-36453 | 1 Mitel | 1 Micollab | 2025-05-07 | 8.8 High |
| A vulnerability in the MiCollab Client API of Mitel MiCollab 9.1.3 through 9.5.0.101 could allow an authenticated attacker to modify their profile parameters due to improper authorization controls. A successful exploit could allow the authenticated attacker to control another extension number. | ||||
| CVE-2022-36452 | 1 Mitel | 1 Micollab | 2025-05-07 | 9.8 Critical |
| A vulnerability in the web conferencing component of Mitel MiCollab through 9.5.0.101 could allow an unauthenticated attacker to upload malicious files. A successful exploit could allow an attacker to execute arbitrary code within the context of the application. | ||||
| CVE-2022-36451 | 1 Mitel | 1 Micollab | 2025-05-07 | 8.8 High |
| A vulnerability in the MiCollab Client server component of Mitel MiCollab through 9.5.0.101 could allow an authenticated attacker to conduct a Server-Side Request Forgery (SSRF) attack due to insufficient restriction of URL parameters. A successful exploit could allow an attacker to leverage connections and permissions available to the host server. | ||||
| CVE-2022-41326 | 1 Mitel | 1 Micollab | 2025-04-29 | 9.8 Critical |
| The web conferencing component of Mitel MiCollab through 9.6.0.13 could allow an unauthenticated attacker to upload arbitrary scripts due to improper authorization controls. A successful exploit could allow remote code execution within the context of the application. | ||||
| CVE-2024-36446 | 1 Mitel | 1 Mivoice Mx-one | 2025-03-25 | 8.8 High |
| The provisioning manager component of Mitel MiVoice MX-ONE through 7.6 SP1 could allow an authenticated attacker to conduct an authentication bypass attack due to improper access control. A successful exploit could allow an attacker to bypass the authorization schema. | ||||
| CVE-2024-30160 | 1 Mitel | 1 Micollab | 2025-03-22 | 4.8 Medium |
| A vulnerability in the Suite Applications Services component of Mitel MiCollab through 9.7.1.110 could allow an authenticated attacker with administrative privileges to conduct a Stored Cross-Site Scripting (XSS) attack due to insufficient validation of user input. A successful exploit could allow an attacker to execute arbitrary scripts. | ||||
| CVE-2024-30159 | 1 Mitel | 1 Micollab | 2025-03-22 | 4.8 Medium |
| A vulnerability in the web conferencing component of Mitel MiCollab through 9.7.1.110 could allow an authenticated attacker with administrative privileges to conduct a Stored Cross-Site Scripting (XSS) attack due to insufficient validation of user input. A successful exploit could allow an attacker to execute arbitrary scripts. | ||||
| CVE-2023-22854 | 1 Mitel | 1 Micontact Center Business | 2025-03-21 | 9.1 Critical |
| The ccmweb component of Mitel MiContact Center Business server 9.2.2.0 through 9.4.1.0 could allow an unauthenticated attacker to download arbitrary files, due to insufficient restriction of URL parameters. A successful exploit could allow access to sensitive information. | ||||
| CVE-2023-25597 | 1 Mitel | 1 Micollab | 2025-02-07 | 5.9 Medium |
| A vulnerability in the web conferencing component of Mitel MiCollab through 9.6.2.9 could allow an unauthenticated attacker to download a shared file via a crafted request - including the exact path and filename - due to improper authentication control. A successful exploit could allow access to sensitive information. | ||||
| CVE-2023-31460 | 1 Mitel | 1 Mivoice Connect | 2025-01-31 | 7.2 High |
| A vulnerability in the Connect Mobility Router component of MiVoice Connect versions 9.6.2208.101 and earlier could allow an authenticated attacker with internal network access to conduct a command injection attack due to insufficient restriction on URL parameters. | ||||