Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mitel vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv3
CVE-2023-39285
A vulnerability in the Edge Gateway component of Mitel MiVoice Connect up to and including 19.3 SP3 (22.24.5800.0) could allow an unauthenticated malicious user to perform a Cross Site Request Forgery (CSRF) attack due to insufficient request validation. A successful exploit coul...
Mitel Mivoice Connect
7.5
CVSSv3
CVE-2023-39289
A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect up to and including 9.6.2208.101 could allow an unauthenticated malicious user to conduct an account enumeration attack due to improper configuration. A successful exploit could allow an malicious u...
Mitel Mivoice Connect
9.8
CVSSv3
CVE-2023-32748
The Linux DVS server component of Mitel MiVoice Connect up to and including 19.3 SP2 (22.24.1500.0) could allow an unauthenticated attacker with internal network access to execute arbitrary scripts due to improper access control.
Mitel Mivoice Connect
8.8
CVSSv3
CVE-2020-27154
The chat window of Mitel BusinessCTI Enterprise (MBC-E) Client for Windows prior to 6.4.11 and 7.x prior to 7.0.3 could allow an malicious user to gain access to user information by sending arbitrary code, due to improper input validation. A successful exploit could allow an mali...
Mitel Businesscti Enterprise
9.8
CVSSv3
CVE-2021-26714
The Enterprise License Manager portal in Mitel MiContact Center Enterprise prior to 9.4 could allow a user to access restricted files and folders due to insufficient access control. A successful exploit could allow an malicious user to view and modify application data via Directo...
Mitel Micontact Center Enterprise
1 Github repository
6.5
CVSSv3
CVE-2020-9379
The Software Development Kit of the MiContact Center Business with Site Based Security 8.0 up to and including 9.0.1.0 before KB496276 allows an authenticated user to access sensitive information. A successful exploit could allow unauthorized access to user conversations.
Mitel Micontact Center Business
6.1
CVSSv3
CVE-2019-9593
A reflected Cross-site scripting (XSS) vulnerability in ShoreTel Connect ONSITE 18.82.2000.0 allows remote malicious users to inject arbitrary web script or HTML via the page parameter.
Mitel Connect Onsite 18.82.2000.0
1 EDB exploit
3.3
CVSSv3
CVE-2020-24693
The Ignite portal in Mitel MiContact Center Business prior to 9.3.0.0 could allow a local malicious user to view system information due to insufficient output sanitization.
Mitel Micontact Center Business
7.1
CVSSv3
CVE-2020-24692
The Ignite portal in Mitel MiContact Center Business prior to 9.3.0.0 could allow an malicious user to execute arbitrary scripts due to insufficient input validation, aka XSS. A successful exploit could allow an malicious user to gain access to a user session.
Mitel Micontact Center Business
9.1
CVSSv3
CVE-2021-3352
The Software Development Kit in Mitel MiContact Center Business from 8.0.0.0 up to and including 8.1.4.1 and 9.0.0.0 up to and including 9.3.1.0 could allow an unauthenticated malicious user to access (view and modify) user data without authorization due to improper handling of t...
Mitel Micontact Center Business
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »