Mitel Micontact Center Business

The ccmweb component of Mitel MiContact Center Business server 9.2.2.0 through 9.4.1.0 could

CVE-2023-22854 7.5 - High - February 13, 2023

The ccmweb component of Mitel MiContact Center Business server 9.2.2.0 through 9.4.1.0 could allow an unauthenticated attacker to download arbitrary files, due to insufficient restriction of URL parameters. A successful exploit could allow access to sensitive information.

The Software Development Kit in Mitel MiContact Center Business from 8.0.0.0 through 8.1.4.1 and 9.0.0.0 through 9.3.1.0 could

CVE-2021-3352 9.1 - Critical - August 13, 2021

The Software Development Kit in Mitel MiContact Center Business from 8.0.0.0 through 8.1.4.1 and 9.0.0.0 through 9.3.1.0 could allow an unauthenticated attacker to access (view and modify) user data without authorization due to improper handling of tokens.

The Ignite portal in Mitel MiContact Center Business before 9.3.0.0 could

CVE-2020-24693 3.3 - Low - December 18, 2020

The Ignite portal in Mitel MiContact Center Business before 9.3.0.0 could allow a local attacker to view system information due to insufficient output sanitization.

The Ignite portal in Mitel MiContact Center Business before 9.3.0.0 could

CVE-2020-24692 7.1 - High - September 25, 2020

The Ignite portal in Mitel MiContact Center Business before 9.3.0.0 could allow an attacker to execute arbitrary scripts due to insufficient input validation, aka XSS. A successful exploit could allow an attacker to gain access to a user session.

Improper Input Validation

The Software Development Kit of the MiContact Center Business with Site Based Security 8.0 through 9.0.1.0 before KB496276

CVE-2020-9379 6.5 - Medium - February 25, 2020

The Software Development Kit of the MiContact Center Business with Site Based Security 8.0 through 9.0.1.0 before KB496276 allows an authenticated user to access sensitive information. A successful exploit could allow unauthorized access to user conversations.

AuthZ