Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mitel micollab vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-25597
A vulnerability in the web conferencing component of Mitel MiCollab up to and including 9.6.2.9 could allow an unauthenticated malicious user to download a shared file via a crafted request - including the exact path and filename - due to improper authentication control. A succes...
Mitel Micollab
NA
CVE-2022-41326
The web conferencing component of Mitel MiCollab up to and including 9.6.0.13 could allow an unauthenticated malicious user to upload arbitrary scripts due to improper authorization controls. A successful exploit could allow remote code execution within the context of the applica...
Mitel Micollab
NA
CVE-2022-36452
A vulnerability in the web conferencing component of Mitel MiCollab up to and including 9.5.0.101 could allow an unauthenticated malicious user to upload malicious files. A successful exploit could allow an malicious user to execute arbitrary code within the context of the applic...
Mitel Micollab
NA
CVE-2022-36451
A vulnerability in the MiCollab Client server component of Mitel MiCollab up to and including 9.5.0.101 could allow an authenticated malicious user to conduct a Server-Side Request Forgery (SSRF) attack due to insufficient restriction of URL parameters. A successful exploit could...
Mitel Micollab
NA
CVE-2022-36453
A vulnerability in the MiCollab Client API of Mitel MiCollab 9.1.3 up to and including 9.5.0.101 could allow an authenticated malicious user to modify their profile parameters due to improper authorization controls. A successful exploit could allow the authenticated malicious use...
Mitel Micollab
NA
CVE-2022-36454
A vulnerability in the MiCollab Client API of Mitel MiCollab up to and including 9.5.0.101 could allow an authenticated malicious user to modify their profile parameters due to improper authorization controls. A successful exploit could allow the authenticated malicious user to i...
Mitel Micollab
9
CVSSv2
CVE-2022-26143
The TP-240 (aka tp240dvr) component in Mitel MiCollab prior to 9.4 SP1 FP1 and MiVoice Business Express up to and including 8.1 allows remote malicious users to obtain sensitive information and cause a denial of service (performance degradation and excessive outbound traffic). Th...
Mitel Micollab 9.4
Mitel Mivoice Business Express
Mitel Micollab
1 Article
4.3
CVSSv2
CVE-2021-27401
The Join Meeting page of Mitel MiCollab Web Client prior to 9.2 FP2 could allow an malicious user to access (view and modify) user data by executing arbitrary code due to insufficient input validation, aka Cross-Site Scripting (XSS).
Mitel Micollab
Mitel Micollab 9.2
6.4
CVSSv2
CVE-2021-27402
The SAS Admin portal of Mitel MiCollab prior to 9.2 FP2 could allow an unauthenticated malicious user to access (view and modify) user data by injecting arbitrary directory paths due to improper URL validation, aka Directory Traversal.
Mitel Micollab
Mitel Micollab 9.2
4.3
CVSSv2
CVE-2021-32068
The AWV and MiCollab Client Service components in Mitel MiCollab prior to 9.3 could allow an malicious user to perform a Man-In-the-Middle attack by sending multiple session renegotiation requests, due to insufficient TLS session controls. A successful exploit could allow an mali...
Mitel Micollab
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
cross-site request forgery
unauthorized
CVE-2024-33925
reflected XSS
CVE-2023-51580
CVE-2023-51579
CVE-2015-2051
CVE-2023-51609
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »