Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mitel vulnerabilities and exploits
(subscribe to this query)
7.1
CVSSv3
CVE-2020-24692
The Ignite portal in Mitel MiContact Center Business prior to 9.3.0.0 could allow an malicious user to execute arbitrary scripts due to insufficient input validation, aka XSS. A successful exploit could allow an malicious user to gain access to a user session.
Mitel Micontact Center Business
4.3
CVSSv3
CVE-2023-39286
A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect up to and including 9.6.2304.102 could allow an unauthenticated malicious user to perform a Cross Site Request Forgery (CSRF) attack due to insufficient request validation. A successful exploit coul...
Mitel Connect Mobility Router
7.5
CVSSv3
CVE-2023-22854
The ccmweb component of Mitel MiContact Center Business server 9.2.2.0 up to and including 9.4.1.0 could allow an unauthenticated malicious user to download arbitrary files, due to insufficient restriction of URL parameters. A successful exploit could allow access to sensitive in...
Mitel Micontact Center Business
7.5
CVSSv3
CVE-2016-6562
On iOS and Android devices, the ShoreTel Mobility Client app version 9.1.3.109 fails to properly validate SSL certificates provided by HTTPS connections, which means that an attacker in the position to perform MITM attacks may be able to obtain sensitive account information such ...
Mitel Shortel Mobility Client 9.1.3.109
8.8
CVSSv3
CVE-2023-40265
An issue exists in Atos Unify OpenScape Xpressions WebAssistant V7 before V7R1 FR5 HF42 P911. It allows authenticated remote code execution via file upload.
Mitel Unify Openscape Xpressions Webassistant
9.8
CVSSv3
CVE-2023-40266
An issue exists in Atos Unify OpenScape Xpressions WebAssistant V7 before V7R1 FR5 HF42 P911. It allows path traversal.
Mitel Unify Openscape Xpressions Webassistant
6.1
CVSSv3
CVE-2018-16226
A vulnerability in the web admin component of Mitel MiVoice Office 400, versions R5.0 HF3 (v8839a1) and previous versions, could allow an unauthenticated malicious user to conduct a reflected cross-site scripting (XSS) attack, due to insufficient validation for the start.asp page...
Mitel Mivoice Office 400 R5.0
9.8
CVSSv3
CVE-2019-19607
A SQL injection vulnerability in the web conferencing component of Mitel MiCollab AWV prior to 8.1.2.2 could allow an unauthenticated attack due to insufficient input validation for the session parameter. A successful exploit could allow an malicious user to extract sensitive inf...
Mitel Micollab Audio\\, Web \\& Video Conferencing
9.8
CVSSv3
CVE-2019-19608
A SQL injection vulnerability in in the web conferencing component of Mitel MiCollab AWV prior to 8.1.2.2 could allow an unauthenticated attack due to insufficient input validation for the registeredList.cgi page. A successful exploit could allow an malicious user to extract sens...
Mitel Micollab Audio\\, Web \\& Video Conferencing
5.3
CVSSv3
CVE-2020-11798
A Directory Traversal vulnerability in the web conference component of Mitel MiCollab AWV prior to 8.1.2.4 and 9.x prior to 9.1.3 could allow an malicious user to access arbitrary files from restricted directories of the server via a crafted URL, due to insufficient access valida...
Mitel Micollab Audio\\, Web \\& Video Conferencing
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
validation
CVE-2012-1823
malicious code
CVE-2024-5770
CVE-2023-45866
CVE-2024-35687
local users
CVE-2024-31246
CVE-2024-35730
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
6
7
8
9
10
NEXT »