Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
micollab vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2021-27401
The Join Meeting page of Mitel MiCollab Web Client prior to 9.2 FP2 could allow an malicious user to access (view and modify) user data by executing arbitrary code due to insufficient input validation, aka Cross-Site Scripting (XSS).
Mitel Micollab
Mitel Micollab 9.2
570
VMScore
CVE-2021-27402
The SAS Admin portal of Mitel MiCollab prior to 9.2 FP2 could allow an unauthenticated malicious user to access (view and modify) user data by injecting arbitrary directory paths due to improper URL validation, aka Directory Traversal.
Mitel Micollab
Mitel Micollab 9.2
890
VMScore
CVE-2019-12165
MiCollab 7.3 PR2 (7.3.0.204) and previous versions, 7.2 (7.2.2.13) and previous versions, and 7.1 (7.1.0.57) and previous versions and MiCollab AWV 6.3 (6.3.0.103), 6.2 (6.2.2.8), 6.1 (6.1.0.28), 6.0 (6.0.0.61), and 5.0 (5.0.5.7) have a Command Execution Vulnerability. Successful...
Mitel Micollab
Mitel Micollab Audio\\, Web \\& Video Conferencing
802
VMScore
CVE-2022-26143
The TP-240 (aka tp240dvr) component in Mitel MiCollab prior to 9.4 SP1 FP1 and MiVoice Business Express up to and including 8.1 allows remote malicious users to obtain sensitive information and cause a denial of service (performance degradation and excessive outbound traffic). Th...
Mitel Micollab 9.4
Mitel Mivoice Business Express
Mitel Micollab
1 Article
383
VMScore
CVE-2019-19370
A cross-site scripting (XSS) vulnerability in the web conferencing component of the Mitel MiCollab application prior to 9.0.15 for Android could allow an unauthenticated malicious user to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation in the ...
Mitel Micollab
356
VMScore
CVE-2021-32072
The MiCollab Client Service component in Mitel MiCollab prior to 9.3 could allow an malicious user to get source code information (disclosing sensitive application data) due to insufficient output sanitization. A successful exploit could allow an malicious user to view source cod...
Mitel Micollab
383
VMScore
CVE-2021-32068
The AWV and MiCollab Client Service components in Mitel MiCollab prior to 9.3 could allow an malicious user to perform a Man-In-the-Middle attack by sending multiple session renegotiation requests, due to insufficient TLS session controls. A successful exploit could allow an mali...
Mitel Micollab
516
VMScore
CVE-2021-32069
The AWV component of Mitel MiCollab prior to 9.3 could allow an malicious user to perform a Man-In-the-Middle attack due to improper TLS negotiation. A successful exploit could allow an malicious user to view and modify data.
Mitel Micollab
383
VMScore
CVE-2020-13767
The Mitel MiCollab application prior to 9.1.332 for iOS could allow an unauthorized user to access restricted files and folders due to insufficient access control. An exploit requires a rooted iOS device, and (if successful) could allow an malicious user to gain access to sensiti...
Mitel Micollab
NA
CVE-2022-36451
A vulnerability in the MiCollab Client server component of Mitel MiCollab up to and including 9.5.0.101 could allow an authenticated malicious user to conduct a Server-Side Request Forgery (SSRF) attack due to insufficient restriction of URL parameters. A successful exploit could...
Mitel Micollab
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
hardcoded
arbitrary code
CVE-2024-2404
CVE-2024-21111
CVE-2024-28627
CVE-2024-4073
information disclosure
CVE-2024-32780
CVE-2024-4040
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »