Mitel Mitel Mitel Networks Corporation is a Telecommunications company based in Canada

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in any Mitel product.

RSS Feeds for Mitel security vulnerabilities

Create a CVE RSS feed including security vulnerabilities found in Mitel products with stack.watch. Just hit watch, then grab your custom RSS feed url.

Products by Mitel Sorted by Most Security Vulnerabilities since 2018

Mitel Micollab37 vulnerabilities

Mitel Mivoice Connect25 vulnerabilities

Mitel Mivoice Office 4003 vulnerabilities

Mitel Mivoice Mx One1 vulnerability

Mitel 6869i Sip Firmware1 vulnerability

Known Exploited Mitel Vulnerabilities

The following Mitel vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.

Title Description Added
Mitel SIP Phones Argument Injection Vulnerability Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Conference Unit, contain an argument injection vulnerability due to insufficient parameter sanitization during the boot process. Successful exploitation may allow an attacker to execute arbitrary commands within the context of the system.
CVE-2024-41710 Exploit Probability: 8.9%
February 12, 2025
Mitel MiCollab Path Traversal Vulnerability Mitel MiCollab contains a path traversal vulnerability that could allow an authenticated attacker with administrative privileges to read local files within the system due to insufficient input sanitization. This vulnerability can be chained with CVE-2024-41713, which allows an unauthenticated, remote attacker to read arbitrary files on the server.
CVE-2024-55550 Exploit Probability: 15.0%
January 7, 2025
Mitel MiCollab Path Traversal Vulnerability Mitel MiCollab contains a path traversal vulnerability that could allow an attacker to gain unauthorized and unauthenticated access. This vulnerability can be chained with CVE-2024-55550, which allows an unauthenticated, remote attacker to read arbitrary files on the server.
CVE-2024-41713 Exploit Probability: 93.9%
January 7, 2025
Mitel MiVoice Connect Code Injection Vulnerability The Director component in Mitel MiVoice Connect allows an authenticated attacker with internal network access to execute code within the context of the application.
CVE-2022-41223 Exploit Probability: 3.8%
February 21, 2023
Mitel MiVoice Connect Command Injection Vulnerability The Mitel Edge Gateway component of MiVoice Connect allows an authenticated attacker with internal network access to execute commands within the context of the system.
CVE-2022-40765 Exploit Probability: 2.7%
February 21, 2023
Mitel MiVoice Connect Data Validation Vulnerability The Service Appliance component in Mitel MiVoice Connect allows remote code execution due to incorrect data validation.
CVE-2022-29499 Exploit Probability: 89.8%
June 27, 2022
MiCollab, MiVoice Business Express Access Control Vulnerability A vulnerability has been identified in MiCollab and MiVoice Business Express that may allow a malicious actor to gain unauthorized access to sensitive information and services, cause performance degradations or a denial of service condition on the affected system.
CVE-2022-26143 Exploit Probability: 64.8%
March 25, 2022

Of the known exploited vulnerabilities above, 2 are in the top 1%, or the 99th percentile of the EPSS exploit probability rankings. The vulnerability CVE-2022-26143: MiCollab, MiVoice Business Express Access Control Vulnerability is in the top 5% of the currently known exploitable vulnerabilities.

By the Year

In 2025 there have been 0 vulnerabilities in Mitel. Last year, in 2024 Mitel had 18 security vulnerabilities published. Right now, Mitel is on track to have less security vulnerabilities in 2025 than it did last year.




Year Vulnerabilities Average Score
2025 0 0.00
2024 18 7.20
2023 18 7.16
2022 10 8.67
2021 13 6.94
2020 24 6.91
2019 8 7.85
2018 10 7.56

It may take a day or so for new Mitel vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Mitel Security Vulnerabilities

Mitel MiCollab Insufficient Input Sanitization Local File Read Vulnerability

CVE-2024-55550 2.7 - Low - December 10, 2024

Mitel MiCollab through 9.8 SP2 could allow an authenticated attacker with administrative privilege to conduct a local file read, due to insufficient input sanitization. A successful exploit could allow the authenticated admin attacker to access resources that are constrained to the admin access level, and the disclosure is limited to non-sensitive system information. This vulnerability does not allow file modification or privilege escalation.

Directory traversal

A vulnerability in the Web Conferencing Component of Mitel MiCollab through 9.8.1.5 could

CVE-2024-41712 - October 21, 2024

A vulnerability in the Web Conferencing Component of Mitel MiCollab through 9.8.1.5 could allow an authenticated attacker to conduct a command injection attack, due to insufficient validation of user input. A successful exploit could allow an attacker to execute arbitrary commands on the system within the context of the user.

A vulnerability in the Web Interface component of Mitel MiCollab through 9.8 SP1 (9.8.1.5) and MiVoice Business Solution Virtual Instance (MiVB SVI) through 1.0.0.27 could

CVE-2024-41714 - October 21, 2024

A vulnerability in the Web Interface component of Mitel MiCollab through 9.8 SP1 (9.8.1.5) and MiVoice Business Solution Virtual Instance (MiVB SVI) through 1.0.0.27 could allow an authenticated attacker to conduct a command injection attack, due to insufficient parameter sanitization. A successful exploit could allow an attacker to execute arbitrary commands with elevated privileges within the context of the system.

A vulnerability in the AWV (Audio, Web and Video Conferencing) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could

CVE-2024-47224 - October 21, 2024

A vulnerability in the AWV (Audio, Web and Video Conferencing) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to conduct a CRLF injection attack due to inadequate encoding of user input in URLs. A successful exploit could allow an attacker to perform a phishing attack.

A vulnerability in the NuPoint Unified Messaging (NPM) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could

CVE-2024-41713 9.1 - Critical - October 21, 2024

A vulnerability in the NuPoint Unified Messaging (NPM) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to conduct a path traversal attack, due to insufficient input validation. A successful exploit could allow unauthorized access, enabling the attacker to view, corrupt, or delete users' data and system configurations.

Directory traversal

A vulnerability in the Suite Applications Services component of Mitel MiCollab through 9.7.1.110 could

CVE-2024-30157 7.2 - High - October 21, 2024

A vulnerability in the Suite Applications Services component of Mitel MiCollab through 9.7.1.110 could allow an authenticated attacker with administrative privileges to conduct a SQL Injection attack due to insufficient validation of user input. A successful exploit could allow an attacker to execute arbitrary database and management operations.

SQL Injection

A vulnerability in the web conferencing component of Mitel MiCollab through 9.7.1.110 could

CVE-2024-30158 7.2 - High - October 21, 2024

A vulnerability in the web conferencing component of Mitel MiCollab through 9.7.1.110 could allow an authenticated attacker with administrative privileges to conduct a SQL Injection attack due to insufficient validation of user input. A successful exploit could allow an attacker to execute arbitrary database and management operations.

SQL Injection

A vulnerability in the web conferencing component of Mitel MiCollab through 9.7.1.110 could

CVE-2024-30159 4.8 - Medium - October 21, 2024

A vulnerability in the web conferencing component of Mitel MiCollab through 9.7.1.110 could allow an authenticated attacker with administrative privileges to conduct a Stored Cross-Site Scripting (XSS) attack due to insufficient validation of user input. A successful exploit could allow an attacker to execute arbitrary scripts.

XSS

A vulnerability in the Suite Applications Services component of Mitel MiCollab through 9.7.1.110 could

CVE-2024-30160 4.8 - Medium - October 21, 2024

A vulnerability in the Suite Applications Services component of Mitel MiCollab through 9.7.1.110 could allow an authenticated attacker with administrative privileges to conduct a Stored Cross-Site Scripting (XSS) attack due to insufficient validation of user input. A successful exploit could allow an attacker to execute arbitrary scripts.

XSS

A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.1.0.4 could

CVE-2024-42514 - October 01, 2024

A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.1.0.4 could allow an unauthenticated attacker to conduct an unauthorized access attack due to inadequate access control checks. A successful exploit requires user interaction and could allow an attacker to access sensitive information and send unauthorized messages during an active chat session.

The provisioning manager component of Mitel MiVoice MX-ONE through 7.6 SP1 could

CVE-2024-36446 8.8 - High - August 13, 2024

The provisioning manager component of Mitel MiVoice MX-ONE through 7.6 SP1 could allow an authenticated attacker to conduct an authentication bypass attack due to improper access control. A successful exploit could allow an attacker to bypass the authorization schema.

On Mitel 6869i 4.5.0.41 devices

CVE-2024-37570 8.8 - High - June 09, 2024

On Mitel 6869i 4.5.0.41 devices, the Manual Firmware Update (upgrade.html) page does not perform sanitization on the username and path parameters (sent by an authenticated user) before appending flags to the busybox ftpget command. This leads to $() command execution.

Command Injection

A vulnerability in the Ignite component of Mitel MiContact Center Business through 10.0.0.4 could

CVE-2024-35283 - May 29, 2024

A vulnerability in the Ignite component of Mitel MiContact Center Business through 10.0.0.4 could allow an unauthenticated attacker to conduct a stored cross-site scripting (XSS) attack due to insufficient input validation.

A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.0.0.4 could

CVE-2024-35284 - May 29, 2024

A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.0.0.4 could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient input validation.

A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.0.0.4 could

CVE-2024-28069 - March 16, 2024

A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.0.0.4 could allow an unauthenticated attacker to conduct an information disclosure attack due to improper configuration. A successful exploit could allow an attacker to access sensitive information and potentially conduct unauthorized actions within the vulnerable component.

A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.0.0.4 could

CVE-2024-28070 - March 16, 2024

A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.0.0.4 could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient input validation. A successful exploit could allow an attacker to access sensitive information and gain unauthorized access.

An issue was discovered in Atos Unify OpenScape Xpressions WebAssistant V7 before V7R1 FR5 HF42 P911

CVE-2023-40265 8.8 - High - February 08, 2024

An issue was discovered in Atos Unify OpenScape Xpressions WebAssistant V7 before V7R1 FR5 HF42 P911. It allows authenticated remote code execution via file upload.

Unrestricted File Upload

An issue was discovered in Atos Unify OpenScape Xpressions WebAssistant V7 before V7R1 FR5 HF42 P911

CVE-2023-40266 9.8 - Critical - February 08, 2024

An issue was discovered in Atos Unify OpenScape Xpressions WebAssistant V7 before V7R1 FR5 HF42 P911. It allows path traversal.

Directory traversal

A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through 19.3 SP3 (22.24.5800.0) could

CVE-2023-39285 4.3 - Medium - September 14, 2023

A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through 19.3 SP3 (22.24.5800.0) could allow an unauthenticated attacker to perform a Cross Site Request Forgery (CSRF) attack due to insufficient request validation. A successful exploit could allow an attacker to provide a modified URL, potentially enabling them to modify system configuration settings.

Session Riding

A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect through 9.6.2304.102 could

CVE-2023-39286 4.3 - Medium - September 14, 2023

A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect through 9.6.2304.102 could allow an unauthenticated attacker to perform a Cross Site Request Forgery (CSRF) attack due to insufficient request validation. A successful exploit could allow an attacker to provide a modified URL, potentially enabling them to modify system configuration settings.

Session Riding

A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through 19.3 SP3 (22.24.5800.0) could

CVE-2023-39287 5.5 - Medium - August 25, 2023

A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through 19.3 SP3 (22.24.5800.0) could allow an authenticated attacker with elevated privileges and internal network access to conduct a command argument injection due to insufficient parameter sanitization. A successful exploit could allow an attacker to access network information and to generate excessive network traffic.

Argument Injection

A vulnerability in the Connect Mobility Router component of MiVoice Connect through 9.6.2304.102 could

CVE-2023-39291 4.9 - Medium - August 25, 2023

A vulnerability in the Connect Mobility Router component of MiVoice Connect through 9.6.2304.102 could allow an authenticated attacker with elevated privileges to conduct an information disclosure attack due to improper configuration. A successful exploit could allow an attacker to view system information.

A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect through 9.6.2304.102 could

CVE-2023-39288 5.5 - Medium - August 25, 2023

A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect through 9.6.2304.102 could allow an authenticated attacker with elevated privileges and internal network access to conduct a command argument injection due to insufficient parameter sanitization. A successful exploit could allow an attacker to access network information and to generate excessive network traffic.

Argument Injection

A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through R19.3 SP3 (22.24.5800.0) could

CVE-2023-39290 4.9 - Medium - August 25, 2023

A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through R19.3 SP3 (22.24.5800.0) could allow an authenticated attacker with elevated privileges to conduct an information disclosure attack due to improper configuration. A successful exploit could allow an attacker to view system information.

A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect through 9.6.2208.101 could

CVE-2023-39289 7.5 - High - August 25, 2023

A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect through 9.6.2208.101 could allow an unauthenticated attacker to conduct an account enumeration attack due to improper configuration. A successful exploit could allow an attacker to access system information.

A Command Injection vulnerability has been identified in the MiVoice Office 400 SMB Controller through 1.2.5.23 which could

CVE-2023-39293 9.8 - Critical - August 14, 2023

A Command Injection vulnerability has been identified in the MiVoice Office 400 SMB Controller through 1.2.5.23 which could allow a malicious actor to execute arbitrary commands within the context of the system.

Command Injection

A SQL Injection vulnerability has been identified in the MiVoice Office 400 SMB Controller through 1.2.5.23 which could

CVE-2023-39292 9.8 - Critical - August 14, 2023

A SQL Injection vulnerability has been identified in the MiVoice Office 400 SMB Controller through 1.2.5.23 which could allow a malicious actor to access sensitive information and execute arbitrary database and management operations.

SQL Injection

The Linux DVS server component of Mitel MiVoice Connect through 19.3 SP2 (22.24.1500.0) could

CVE-2023-32748 9.8 - Critical - August 14, 2023

The Linux DVS server component of Mitel MiVoice Connect through 19.3 SP2 (22.24.1500.0) could allow an unauthenticated attacker with internal network access to execute arbitrary scripts due to improper access control.

AuthZ

A vulnerability in the Edge Gateway component of Mitel MiVoice Connect versions 19.3 SP2 (22.24.1500.0) and earlier could

CVE-2023-31458 9.8 - Critical - May 24, 2023

A vulnerability in the Edge Gateway component of Mitel MiVoice Connect versions 19.3 SP2 (22.24.1500.0) and earlier could allow an unauthenticated attacker with internal network access to authenticate with administrative privileges, because initial installation does not enforce a password change. A successful exploit could allow an attacker to make arbitrary configuration changes and execute arbitrary commands.

A vulnerability in the conferencing component of Mitel MiVoice Connect through 19.3 SP2, 22.24.1500.0 could

CVE-2023-25599 7.4 - High - May 24, 2023

A vulnerability in the conferencing component of Mitel MiVoice Connect through 19.3 SP2, 22.24.1500.0 could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation for the test_presenter.php page. A successful exploit could allow an attacker to execute arbitrary scripts.

XSS

A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect versions 9.6.2208.101 and earlier could

CVE-2023-31459 8.8 - High - May 24, 2023

A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect versions 9.6.2208.101 and earlier could allow an unauthenticated attacker with internal network access to authenticate with administrative privileges, because the initial installation does not enforce a password change. A successful exploit could allow an attacker to make arbitrary configuration changes and execute arbitrary commands.

Weak Password Recovery Mechanism for Forgotten Password

A vulnerability in the conferencing component of Mitel MiVoice Connect through 19.3 SP2 and 20.x, 21.x, and 22.x through 22.24.1500.0 could

CVE-2023-25598 6.1 - Medium - May 24, 2023

A vulnerability in the conferencing component of Mitel MiVoice Connect through 19.3 SP2 and 20.x, 21.x, and 22.x through 22.24.1500.0 could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation for the home.php page. A successful exploit could allow an attacker to execute arbitrary scripts.

XSS

A vulnerability in the Headquarters server component of Mitel MiVoice Connect versions 19.3 SP2 (22.24.1500.0) and earlier could

CVE-2023-31457 9.8 - Critical - May 24, 2023

A vulnerability in the Headquarters server component of Mitel MiVoice Connect versions 19.3 SP2 (22.24.1500.0) and earlier could allow an unauthenticated attacker with internal network access to execute arbitrary scripts due to improper access control.

A vulnerability in the Connect Mobility Router component of MiVoice Connect versions 9.6.2208.101 and earlier could

CVE-2023-31460 7.2 - High - May 24, 2023

A vulnerability in the Connect Mobility Router component of MiVoice Connect versions 9.6.2208.101 and earlier could allow an authenticated attacker with internal network access to conduct a command injection attack due to insufficient restriction on URL parameters.

Command Injection

A vulnerability in the web conferencing component of Mitel MiCollab through 9.6.2.9 could

CVE-2023-25597 5.9 - Medium - April 14, 2023

A vulnerability in the web conferencing component of Mitel MiCollab through 9.6.2.9 could allow an unauthenticated attacker to download a shared file via a crafted request - including the exact path and filename - due to improper authentication control. A successful exploit could allow access to sensitive information.

authentification

The ccmweb component of Mitel MiContact Center Business server 9.2.2.0 through 9.4.1.0 could

CVE-2023-22854 7.5 - High - February 13, 2023

The ccmweb component of Mitel MiContact Center Business server 9.2.2.0 through 9.4.1.0 could allow an unauthenticated attacker to download arbitrary files, due to insufficient restriction of URL parameters. A successful exploit could allow access to sensitive information.

A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through 19.3 (22.22.6100.0) could

CVE-2022-40765 6.8 - Medium - November 22, 2022

A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through 19.3 (22.22.6100.0) could allow an authenticated attacker with internal network access to conduct a command-injection attack, due to insufficient restriction of URL parameters.

Command Injection

The Director database component of MiVoice Connect through 19.3 (22.22.6100.0) could

CVE-2022-41223 6.8 - Medium - November 22, 2022

The Director database component of MiVoice Connect through 19.3 (22.22.6100.0) could allow an authenticated attacker to conduct a code-injection attack via crafted data due to insufficient restrictions on the database data type.

Code Injection

The web conferencing component of Mitel MiCollab through 9.6.0.13 could

CVE-2022-41326 9.8 - Critical - November 22, 2022

The web conferencing component of Mitel MiCollab through 9.6.0.13 could allow an unauthenticated attacker to upload arbitrary scripts due to improper authorization controls. A successful exploit could allow remote code execution within the context of the application.

A vulnerability in the web conferencing component of Mitel MiCollab through 9.5.0.101 could

CVE-2022-36452 9.8 - Critical - October 25, 2022

A vulnerability in the web conferencing component of Mitel MiCollab through 9.5.0.101 could allow an unauthenticated attacker to upload malicious files. A successful exploit could allow an attacker to execute arbitrary code within the context of the application.

Unrestricted File Upload

A vulnerability in the MiCollab Client server component of Mitel MiCollab through 9.5.0.101 could

CVE-2022-36451 8.8 - High - October 25, 2022

A vulnerability in the MiCollab Client server component of Mitel MiCollab through 9.5.0.101 could allow an authenticated attacker to conduct a Server-Side Request Forgery (SSRF) attack due to insufficient restriction of URL parameters. A successful exploit could allow an attacker to leverage connections and permissions available to the host server.

SSRF

A vulnerability in the MiCollab Client API of Mitel MiCollab 9.1.3 through 9.5.0.101 could

CVE-2022-36453 8.8 - High - October 25, 2022

A vulnerability in the MiCollab Client API of Mitel MiCollab 9.1.3 through 9.5.0.101 could allow an authenticated attacker to modify their profile parameters due to improper authorization controls. A successful exploit could allow the authenticated attacker to control another extension number.

A vulnerability in the MiCollab Client API of Mitel MiCollab through 9.5.0.101 could

CVE-2022-36454 6.5 - Medium - October 25, 2022

A vulnerability in the MiCollab Client API of Mitel MiCollab through 9.5.0.101 could allow an authenticated attacker to modify their profile parameters due to improper authorization controls. A successful exploit could allow the authenticated attacker to impersonate another user's name.

A vulnerability in the management interface of MiVoice Business through 9.3 PR1 and MiVoice Business Express through 8.0 SP3 PR3 could allow an unauthenticated attacker (

CVE-2022-31784 9.8 - Critical - June 17, 2022

A vulnerability in the management interface of MiVoice Business through 9.3 PR1 and MiVoice Business Express through 8.0 SP3 PR3 could allow an unauthenticated attacker (that has network access to the management interface) to conduct a buffer overflow attack due to insufficient validation of URL parameters. A successful exploit could allow arbitrary code execution.

Classic Buffer Overflow

The Service Appliance component in Mitel MiVoice Connect through 19.2 SP3 allows remote code execution because of incorrect data validation

CVE-2022-29499 9.8 - Critical - April 26, 2022

The Service Appliance component in Mitel MiVoice Connect through 19.2 SP3 allows remote code execution because of incorrect data validation. The Service Appliances are SA 100, SA 400, and Virtual SA.

Improper Input Validation

The TP-240 (aka tp240dvr) component in Mitel MiCollab before 9.4 SP1 FP1 and MiVoice Business Express through 8.1 allows remote attackers to obtain sensitive information

CVE-2022-26143 9.8 - Critical - March 10, 2022

The TP-240 (aka tp240dvr) component in Mitel MiCollab before 9.4 SP1 FP1 and MiVoice Business Express through 8.1 allows remote attackers to obtain sensitive information and cause a denial of service (performance degradation and excessive outbound traffic). This was exploited in the wild in February and March 2022 for the TP240PhoneHome DDoS attack.

Missing Authentication for Critical Function

The Software Development Kit in Mitel MiContact Center Business from 8.0.0.0 through 8.1.4.1 and 9.0.0.0 through 9.3.1.0 could

CVE-2021-3352 9.1 - Critical - August 13, 2021

The Software Development Kit in Mitel MiContact Center Business from 8.0.0.0 through 8.1.4.1 and 9.0.0.0 through 9.3.1.0 could allow an unauthenticated attacker to access (view and modify) user data without authorization due to improper handling of tokens.

The PowerPlay Web component of Mitel Interaction Recording Multitenancy systems before 6.7 could

CVE-2021-37586 4.9 - Medium - August 13, 2021

The PowerPlay Web component of Mitel Interaction Recording Multitenancy systems before 6.7 could allow a user (with Administrator rights) to replay a previously recorded conversation of another tenant due to insufficient validation.

Improper Input Validation

The MiCollab Client Service component in Mitel MiCollab before 9.3 could

CVE-2021-32072 6.5 - Medium - August 13, 2021

The MiCollab Client Service component in Mitel MiCollab before 9.3 could allow an attacker to get source code information (disclosing sensitive application data) due to insufficient output sanitization. A successful exploit could allow an attacker to view source code methods.

Output Sanitization

The Join Meeting page of Mitel MiCollab Web Client before 9.2 FP2 could

CVE-2021-27401 6.1 - Medium - August 13, 2021

The Join Meeting page of Mitel MiCollab Web Client before 9.2 FP2 could allow an attacker to access (view and modify) user data by executing arbitrary code due to insufficient input validation, aka Cross-Site Scripting (XSS).

XSS

Built by Foundeo Inc., with data from the National Vulnerability Database (NVD). Privacy Policy. Use of this site is governed by the Legal Terms
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.