Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mitel vulnerabilities and exploits
(subscribe to this query)
5.8
CVSSv2
CVE-2021-32069
The AWV component of Mitel MiCollab prior to 9.3 could allow an malicious user to perform a Man-In-the-Middle attack due to improper TLS negotiation. A successful exploit could allow an malicious user to view and modify data.
Mitel Micollab
5.8
CVSSv2
CVE-2021-32070
The MiCollab Client Service component in Mitel MiCollab prior to 9.3 could allow an malicious user to perform a clickjacking attack due to an insecure header response. A successful exploit could allow an malicious user to modify the browser header and redirect users.
Mitel Micollab
7.5
CVSSv2
CVE-2021-32071
The MiCollab Client service in Mitel MiCollab prior to 9.3 could allow an unauthenticated user to gain system access due to improper access control. A successful exploit could allow an malicious user to view and modify application data, and cause a denial of service for users.
Mitel Micollab
NA
CVE-2022-36454
A vulnerability in the MiCollab Client API of Mitel MiCollab up to and including 9.5.0.101 could allow an authenticated malicious user to modify their profile parameters due to improper authorization controls. A successful exploit could allow the authenticated malicious user to i...
Mitel Micollab
9
CVSSv2
CVE-2017-16251
A vulnerability in the conferencing component of Mitel ST 14.2, release GA28 and previous versions, could allow an authenticated user to upload a malicious script to the Personal Library by a crafted POST request. Successful exploit could allow an malicious user to execute arbitr...
Mitel St14.2
1 Github repository
6.5
CVSSv2
CVE-2020-25608
The SAS portal of Mitel MiCollab prior to 9.2 could allow an malicious user to access user credentials due to improper input validation, aka SQL Injection.
Mitel Micollab
5
CVSSv2
CVE-2020-25610
The AWV component of Mitel MiCollab prior to 9.2 could allow an malicious user to gain access to a web conference due to insufficient access control for conference codes.
Mitel Micollab
6.4
CVSSv2
CVE-2020-35547
A library index page in NuPoint Messenger in Mitel MiCollab prior to 9.2 FP1 could allow an unauthenticated malicious user to gain access (view and modify) to user data.
Mitel Micollab
4.3
CVSSv2
CVE-2020-25611
The AWV portal of Mitel MiCollab prior to 9.2 could allow an malicious user to gain access to conference information by sending arbitrary code due to improper input validation, aka XSS. Successful exploitation could allow an malicious user to view user conference information.
Mitel Micollab
4.3
CVSSv2
CVE-2018-12901
A vulnerability in the conferencing component of Mitel ST 14.2, versions GA29 (19.49.9400.0) and previous versions, could allow an unauthenticated malicious user to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation for the signin.php page. A suc...
Mitel St Firmware
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
firmware
CVE-2023-52866
CVE-2024-4367
CVE-2024-1721
CVE-2023-34992
XML injection
CVE-2023-52817
SQL
CVE-2023-52855
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »