Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mitel vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2020-12679
A reflected cross-site scripting (XSS) vulnerability in the Mitel ShoreTel Conference Web Application 19.50.1000.0 before MiVoice Connect 18.7 SP2 allows remote malicious users to inject arbitrary JavaScript and HTML via the PATH_INFO to home.php.
Mitel Mivoice Connect
Mitel Shoretel Conference Web 19.50.1000.0
5.9
CVSSv3
CVE-2019-19891
An encryption key vulnerability on Mitel SIP-DECT wireless devices 8.0 and 8.1 could allow an malicious user to launch a man-in-the-middle attack. A successful exploit may allow the malicious user to intercept sensitive information.
Mitel Sip-dect Firmware 8.0
Mitel Sip-dect Firmware 8.1
9.8
CVSSv3
CVE-2019-12165
MiCollab 7.3 PR2 (7.3.0.204) and previous versions, 7.2 (7.2.2.13) and previous versions, and 7.1 (7.1.0.57) and previous versions and MiCollab AWV 6.3 (6.3.0.103), 6.2 (6.2.2.8), 6.1 (6.1.0.28), 6.0 (6.0.0.61), and 5.0 (5.0.5.7) have a Command Execution Vulnerability. Successful...
Mitel Micollab
Mitel Micollab Audio\\, Web \\& Video Conferencing
5.3
CVSSv3
CVE-2020-24592
Mitel MiCloud Management Portal prior to 6.1 SP5 could allow an attacker, by sending a crafted request, to view system information due to insufficient output sanitization.
Mitel Micloud Management Portal
Mitel Micloud Management Portal 6.1
7.2
CVSSv3
CVE-2020-24593
Mitel MiCloud Management Portal prior to 6.1 SP5 could allow a remote malicious user to conduct a SQL Injection attack and access user credentials due to improper input validation.
Mitel Micloud Management Portal
Mitel Micloud Management Portal 6.1
5.3
CVSSv3
CVE-2020-24595
Mitel MiCloud Management Portal prior to 6.1 SP5 could allow an attacker, by sending a crafted request, to retrieve sensitive information due to insufficient access control.
Mitel Micloud Management Portal
Mitel Micloud Management Portal 6.1
1 Github repository
9.6
CVSSv3
CVE-2020-24594
Mitel MiCloud Management Portal prior to 6.1 SP5 could allow an unauthenticated malicious user to execute arbitrary scripts due to insufficient input validation, aka XSS. A successful exploit could allow an malicious user to gain access to a user session.
Mitel Micloud Management Portal
Mitel Micloud Management Portal 6.1
5.3
CVSSv3
CVE-2017-16250
A vulnerability in Mitel ST 14.2, release GA28 and previous versions, could allow an malicious user to use the API function to enumerate through user-ids which could be used to identify valid user ids and associated user names.
Mitel St14.2
8.8
CVSSv3
CVE-2017-16251
A vulnerability in the conferencing component of Mitel ST 14.2, release GA28 and previous versions, could allow an authenticated user to upload a malicious script to the Personal Library by a crafted POST request. Successful exploit could allow an malicious user to execute arbitr...
Mitel St14.2
1 Github repository
9.8
CVSSv3
CVE-2021-32071
The MiCollab Client service in Mitel MiCollab prior to 9.3 could allow an unauthenticated user to gain system access due to improper access control. A successful exploit could allow an malicious user to view and modify application data, and cause a denial of service for users.
Mitel Micollab
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48654
CVE-2024-2757
authentication bypass
CVE-2024-3194
CVE-2024-33640
CVE-2024-21111
dos
insecure direct object reference
CVE-2024-21345
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »