Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mitel vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-32748
The Linux DVS server component of Mitel MiVoice Connect up to and including 19.3 SP2 (22.24.1500.0) could allow an unauthenticated attacker with internal network access to execute arbitrary scripts due to improper access control.
Mitel Mivoice Connect
10
CVSSv2
CVE-2022-29499
The Service Appliance component in Mitel MiVoice Connect up to and including 19.2 SP3 allows remote code execution because of incorrect data validation. The Service Appliances are SA 100, SA 400, and Virtual SA.
Mitel Mivoice Connect
2 Articles
6.5
CVSSv2
CVE-2020-12456
A remote code execution vulnerability in Mitel MiVoice Connect Client prior to 214.100.1223.0 could allow an malicious user to execute arbitrary code in the chat notification window, due to improper rendering of chat messages. A successful exploit could allow an malicious user to...
Mitel Mivoice Connect
6
CVSSv2
CVE-2021-3176
The chat window of the Mitel BusinessCTI Enterprise (MBC-E) Client for Windows prior to 6.4.15 and 7.x prior to 7.1.2 could allow an malicious user to gain access to user information by sending certain code, due to improper input validation of http links. A successful exploit cou...
Mitel Businesscti Enterprise
4.3
CVSSv2
CVE-2019-9593
A reflected Cross-site scripting (XSS) vulnerability in ShoreTel Connect ONSITE 18.82.2000.0 allows remote malicious users to inject arbitrary web script or HTML via the page parameter.
Mitel Connect Onsite 18.82.2000.0
1 EDB exploit
6.4
CVSSv2
CVE-2021-3352
The Software Development Kit in Mitel MiContact Center Business from 8.0.0.0 up to and including 8.1.4.1 and 9.0.0.0 up to and including 9.3.1.0 could allow an unauthenticated malicious user to access (view and modify) user data without authorization due to improper handling of t...
Mitel Micontact Center Business
NA
CVE-2023-39286
A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect up to and including 9.6.2304.102 could allow an unauthenticated malicious user to perform a Cross Site Request Forgery (CSRF) attack due to insufficient request validation. A successful exploit coul...
Mitel Connect Mobility Router
7.5
CVSSv2
CVE-2021-26714
The Enterprise License Manager portal in Mitel MiContact Center Enterprise prior to 9.4 could allow a user to access restricted files and folders due to insufficient access control. A successful exploit could allow an malicious user to view and modify application data via Directo...
Mitel Micontact Center Enterprise
1 Github repository
NA
CVE-2023-22854
The ccmweb component of Mitel MiContact Center Business server 9.2.2.0 up to and including 9.4.1.0 could allow an unauthenticated malicious user to download arbitrary files, due to insufficient restriction of URL parameters. A successful exploit could allow access to sensitive in...
Mitel Micontact Center Business
4.3
CVSSv2
CVE-2019-9592
A reflected Cross-site scripting (XSS) vulnerability in ShoreTel Connect ONSITE 19.45.1602.0 allows remote malicious users to inject arbitrary web script or HTML via the url parameter.
Mitel Connect Onsite 19.45.1602.0
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3581
reflected XSS
CVE-2024-26925
CVE-2024-27956
LFI
CVE-2024-3607
CVE-2024-3107
CVE-2024-3295
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »