Filtered by vendor Mitel Subscriptions
Total 131 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2018-19275 1 Mitel 2 Cmg Suite, Inattend 2024-11-21 N/A
The BluStar component in Mitel InAttend before 2.5 SP3 and CMG before 8.4 SP3 Suite Servers has a default password, which could allow remote attackers to gain unauthorized access and execute arbitrary scripts with potential impacts to the confidentiality, integrity and availability of the system.
CVE-2018-18819 1 Mitel 2 Micollab, Mivoice Business Express 2024-11-21 5.3 Medium
A vulnerability in the web conference chat component of MiCollab, versions 7.3 PR6 (7.3.0.601) and earlier, and 8.0 (8.0.0.40) through 8.0 SP2 FP2 (8.0.2.202), and MiVoice Business Express versions 7.3 PR3 (7.3.1.302) and earlier, and 8.0 (8.0.0.40) through 8.0 SP2 FP1 (8.0.2.202), could allow creation of unauthorized chat sessions, due to insufficient access controls. A successful exploit could allow execution of arbitrary commands.
CVE-2018-18286 1 Mitel 1 Cmg Suite 2024-11-21 N/A
SQL injection vulnerabilities in CMG Suite 8.4 SP2 and earlier, could allow an unauthenticated attacker to conduct an SQL injection attack due to insufficient input validation for the changepwd interface. A successful exploit could allow an attacker to extract sensitive information from the database and execute arbitrary scripts.
CVE-2018-18285 1 Mitel 1 Cmg Suite 2024-11-21 N/A
SQL injection vulnerabilities in CMG Suite 8.4 SP2 and earlier, could allow an unauthenticated attacker to conduct an SQL injection attack due to insufficient input validation for the login interface. A successful exploit could allow an attacker to extract sensitive information from the database and execute arbitrary scripts.
CVE-2018-16226 1 Mitel 1 Mivoice Office 400 2024-11-21 N/A
A vulnerability in the web admin component of Mitel MiVoice Office 400, versions R5.0 HF3 (v8839a1) and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack, due to insufficient validation for the start.asp page. A successful exploit could allow the attacker to execute arbitrary scripts to access sensitive browser-based information.
CVE-2018-15497 1 Mitel 2 Mivoice 5330e, Mivoice 5330e Firmware 2024-11-21 N/A
The Mitel MiVoice 5330e VoIP device is affected by memory corruption flaws in the SIP/SDP packet handling functionality. An attacker can exploit this issue remotely, by sending a particular pattern of SIP/SDP packets, to cause a denial of service state in the affected devices and probably remote code execution.
CVE-2018-12901 1 Mitel 2 St, St Firmware 2024-11-21 N/A
A vulnerability in the conferencing component of Mitel ST 14.2, versions GA29 (19.49.9400.0) and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation for the signin.php page. A successful exploit could allow an attacker to execute arbitrary scripts.
CVE-2017-16251 1 Mitel 1 St14.2 2024-11-21 N/A
A vulnerability in the conferencing component of Mitel ST 14.2, release GA28 and earlier, could allow an authenticated user to upload a malicious script to the Personal Library by a crafted POST request. Successful exploit could allow an attacker to execute arbitrary code within the context of the application.
CVE-2017-16250 1 Mitel 1 St14.2 2024-11-21 N/A
A vulnerability in Mitel ST 14.2, release GA28 and earlier, could allow an attacker to use the API function to enumerate through user-ids which could be used to identify valid user ids and associated user names.
CVE-2016-6562 1 Mitel 1 Shortel Mobility Client 2024-11-21 N/A
On iOS and Android devices, the ShoreTel Mobility Client app version 9.1.3.109 fails to properly validate SSL certificates provided by HTTPS connections, which means that an attacker in the position to perform MITM attacks may be able to obtain sensitive account information such as login credentials.
CVE-2014-0160 13 Broadcom, Canonical, Debian and 10 more 37 Symantec Messaging Gateway, Ubuntu Linux, Debian Linux and 34 more 2024-11-21 7.5 High
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.
CVE-2008-6797 1 Mitel 1 Mitel Nupoint Messenger 2024-11-21 N/A
The server in Mitel NuPoint Messenger R11 and R3 sends usernames and passwords in cleartext to Exchange servers, which allows remote attackers to obtain sensitive information by sniffing the network.
CVE-2004-0945 1 Mitel 1 Mitel 3300 Integrated Communication Platform 2024-11-20 N/A
The web management interface for Mitel 3300 Integrated Communications Platform (ICP) before 4.2.2.11 allows remote authenticated users to cause a denial of service (resource exhaustion) via a large number of active sessions, which exceeds ICP's maximum.
CVE-2004-0944 1 Mitel 1 Mitel 3300 Integrated Communication Platform 2024-11-20 N/A
The web management interface for Mitel 3300 Integrated Communications Platform (ICP) before 4.2.2.11 generates easily predictable web session IDs, which allows remote attackers to hijack other sessions via the parentsessionid cookie.
CVE-2024-30160 1 Mitel 1 Micollab 2024-11-12 4.8 Medium
A vulnerability in the Suite Applications Services component of Mitel MiCollab through 9.7.1.110 could allow an authenticated attacker with administrative privileges to conduct a Stored Cross-Site Scripting (XSS) attack due to insufficient validation of user input. A successful exploit could allow an attacker to execute arbitrary scripts.
CVE-2024-30159 1 Mitel 1 Micollab 2024-11-12 4.8 Medium
A vulnerability in the web conferencing component of Mitel MiCollab through 9.7.1.110 could allow an authenticated attacker with administrative privileges to conduct a Stored Cross-Site Scripting (XSS) attack due to insufficient validation of user input. A successful exploit could allow an attacker to execute arbitrary scripts.
CVE-2024-35314 1 Mitel 2 Micollab, Mivoice Business Solutions Virtual Instance 2024-11-08 9.8 Critical
A vulnerability in the Desktop Client of Mitel MiCollab through 9.7.1.110, and MiVoice Business Solution Virtual Instance (MiVB SVI) 1.0.0.25, could allow an unauthenticated attacker to conduct a command injection attack due to insufficient parameter sanitization. A successful exploit requires user interaction and could allow an attacker to execute arbitrary scripts.
CVE-2024-30158 1 Mitel 1 Micollab 2024-10-25 7.2 High
A vulnerability in the web conferencing component of Mitel MiCollab through 9.7.1.110 could allow an authenticated attacker with administrative privileges to conduct a SQL Injection attack due to insufficient validation of user input. A successful exploit could allow an attacker to execute arbitrary database and management operations.
CVE-2024-41712 1 Mitel 1 Micollab 2024-10-23 6.6 Medium
A vulnerability in the Web Conferencing Component of Mitel MiCollab through 9.8.1.5 could allow an authenticated attacker to conduct a command injection attack, due to insufficient validation of user input. A successful exploit could allow an attacker to execute arbitrary commands on the system within the context of the user.
CVE-2024-35315 1 Mitel 2 Micollab, Mivoice Business 2024-10-23 5.6 Medium
A vulnerability in the Desktop Client of Mitel MiCollab through 9.7.1.110, and MiVoice Business Solution Virtual Instance (MiVB SVI) 1.0.0.25, could allow an authenticated attacker to conduct a privilege escalation attack due to improper file validation. A successful exploit could allow an attacker to run arbitrary code with elevated privileges.