Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mitel micontact center business vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2023-22854
The ccmweb component of Mitel MiContact Center Business server 9.2.2.0 up to and including 9.4.1.0 could allow an unauthenticated malicious user to download arbitrary files, due to insufficient restriction of URL parameters. A successful exploit could allow access to sensitive in...
Mitel Micontact Center Business
7.1
CVSSv3
CVE-2020-24692
The Ignite portal in Mitel MiContact Center Business prior to 9.3.0.0 could allow an malicious user to execute arbitrary scripts due to insufficient input validation, aka XSS. A successful exploit could allow an malicious user to gain access to a user session.
Mitel Micontact Center Business
3.3
CVSSv3
CVE-2020-24693
The Ignite portal in Mitel MiContact Center Business prior to 9.3.0.0 could allow a local malicious user to view system information due to insufficient output sanitization.
Mitel Micontact Center Business
9.1
CVSSv3
CVE-2021-3352
The Software Development Kit in Mitel MiContact Center Business from 8.0.0.0 up to and including 8.1.4.1 and 9.0.0.0 up to and including 9.3.1.0 could allow an unauthenticated malicious user to access (view and modify) user data without authorization due to improper handling of t...
Mitel Micontact Center Business
6.5
CVSSv3
CVE-2020-9379
The Software Development Kit of the MiContact Center Business with Site Based Security 8.0 up to and including 9.0.1.0 before KB496276 allows an authenticated user to access sensitive information. A successful exploit could allow unauthorized access to user conversations.
Mitel Micontact Center Business
NA
CVE-2024-28069
A vulnerability in the legacy chat component of Mitel MiContact Center Business up to and including 10.0.0.4 could allow an unauthenticated malicious user to conduct an information disclosure attack due to improper configuration. A successful exploit could allow an malicious user...
NA
CVE-2024-28070
A vulnerability in the legacy chat component of Mitel MiContact Center Business up to and including 10.0.0.4 could allow an unauthenticated malicious user to conduct a reflected cross-site scripting (XSS) attack due to insufficient input validation. A successful exploit could all...
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7028
memory leak
log injection
CVE-2024-3400
CVE-2022-48695
CVE-2022-48675
CVE-2024-34487
CVE-2024-33792
spoof
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started