Filtered by vendor Mitel
Total: 135 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2025-67823 | 1 Mitel | 2 Cx, Micontact Center Business | 2026-01-23 | N/A | 8.2 HIGH | A vulnerability in the Multimedia Email component of Mitel MiContact Center Business through 10.2.0.10 and Mitel CX through 1.1.0.1 could allow an unauthenticated attacker to conduct a Cross-Site Scripting (XSS) attack due to insufficient input validation. A successful exploit requires user interaction where the email channel is enabled. This could allow an attacker to execute arbitrary scripts in the victim's browser or desktop client application. |
| CVE-2025-67822 | 1 Mitel | 1 Mivoice Mx-one | 2026-01-21 | N/A | 9.4 CRITICAL | A vulnerability in the Provisioning Manager component of Mitel MiVoice MX-ONE 7.3 (7.3.0.0.50) through 7.8 SP1 (7.8.1.0.14) could allow an unauthenticated attacker to conduct an authentication bypass attack due to improper authentication mechanisms. A successful exploit could allow an attacker to gain unauthorized access to user or admin accounts in the system. |
| CVE-2024-41710 | 1 Mitel | 30 6863i Sip, 6863i Sip Firmware, 6865i Sip and 27 more | 2025-11-05 | N/A | 7.2 HIGH | A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Conference Unit, through R6.4.0.HF1 (R6.4.0.136) could allow an authenticated attacker with administrative privilege to conduct an argument injection attack, due to insufficient parameter sanitization during the boot process. A successful exploit could allow an attacker to execute arbitrary commands within the context of the system. |
| CVE-2024-55550 | 1 Mitel | 1 Micollab | 2025-11-04 | N/A | 2.7 LOW | Mitel MiCollab through 9.8 SP2 could allow an authenticated attacker with administrative privilege to conduct a local file read, due to insufficient input sanitization. A successful exploit could allow the authenticated admin attacker to access resources that are constrained to the admin access level, and the disclosure is limited to non-sensitive system information. This vulnerability does not allow file modification or privilege escalation. |
| CVE-2024-41713 | 1 Mitel | 1 Micollab | 2025-11-04 | N/A | 9.1 CRITICAL | A vulnerability in the NuPoint Unified Messaging (NPM) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to conduct a path traversal attack, due to insufficient input validation. A successful exploit could allow unauthorized access, enabling the attacker to view, corrupt, or delete users' data and system configurations. |
| CVE-2020-10211 | 1 Mitel | 1 Mivoice Connect | 2025-11-03 | 7.5 HIGH | 9.8 CRITICAL | A remote code execution vulnerability in UCB component of Mitel MiVoice Connect before 19.1 SP1 could allow an unauthenticated remote attacker to execute arbitrary scripts due to insufficient validation of URL parameters. A successful exploit could allow an attacker to gain access to sensitive information. |
| CVE-2020-10377 | 1 Mitel | 1 Mivoice Connect Client | 2025-11-03 | 5.0 MEDIUM | 9.8 CRITICAL | A weak encryption vulnerability in Mitel MiVoice Connect Client before 214.100.1214.0 could allow an unauthenticated attacker to gain access to user credentials. A successful exploit could allow an attacker to access the system with compromised user credentials. |
| CVE-2023-25599 | 1 Mitel | 1 Mivoice Connect | 2025-11-03 | N/A | 7.4 HIGH | A vulnerability in the conferencing component of Mitel MiVoice Connect through 19.3 SP2, 22.24.1500.0 could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation for the test_presenter.php page. A successful exploit could allow an attacker to execute arbitrary scripts. |
| CVE-2022-41223 | 1 Mitel | 1 Mivoice Connect | 2025-11-03 | N/A | 6.8 MEDIUM | The Director database component of MiVoice Connect through 19.3 (22.22.6100.0) could allow an authenticated attacker to conduct a code-injection attack via crafted data due to insufficient restrictions on the database data type. |
| CVE-2022-40765 | 1 Mitel | 1 Mivoice Connect | 2025-11-03 | N/A | 6.8 MEDIUM | A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through 19.3 (22.22.6100.0) could allow an authenticated attacker with internal network access to conduct a command-injection attack, due to insufficient restriction of URL parameters. |
| CVE-2022-29499 | 1 Mitel | 1 Mivoice Connect | 2025-11-03 | 10.0 HIGH | 9.8 CRITICAL | The Service Appliance component in Mitel MiVoice Connect through 19.2 SP3 allows remote code execution because of incorrect data validation. The Service Appliances are SA 100, SA 400, and Virtual SA. |
| CVE-2020-12456 | 1 Mitel | 1 Mivoice Connect Client | 2025-11-03 | 6.5 MEDIUM | 8.8 HIGH | A remote code execution vulnerability in Mitel MiVoice Connect Client before 214.100.1223.0 could allow an attacker to execute arbitrary code in the chat notification window, due to improper rendering of chat messages. A successful exploit could allow an attacker to steal session cookies, perform directory traversal, and execute arbitrary scripts in the context of the Connect client. |
| CVE-2022-26143 | 1 Mitel | 2 Micollab, Mivoice Business Express | 2025-11-03 | 9.0 HIGH | 9.8 CRITICAL | The TP-240 (aka tp240dvr) component in Mitel MiCollab before 9.4 SP1 FP1 and MiVoice Business Express through 8.1 allows remote attackers to obtain sensitive information and cause a denial of service (performance degradation and excessive outbound traffic). This was exploited in the wild in February and March 2022 for the TP240PhoneHome DDoS attack. |
| CVE-2014-0160 | 13 Broadcom, Canonical, Debian and 10 more | 35 Symantec Messaging Gateway, Ubuntu Linux, Debian Linux and 32 more | 2025-10-22 | 5.0 MEDIUM | 7.5 HIGH | The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug. |
| CVE-2025-52914 | 1 Mitel | 1 Micollab | 2025-08-08 | N/A | 8.8 HIGH | A vulnerability in the Suite Applications Services component of Mitel MiCollab 10.0 through SP1 FP1 (10.0.1.101) could allow an authenticated attacker to conduct a SQL Injection attack due to insufficient validation of user input. A successful exploit could allow an attacker to execute arbitrary SQL database commands. |
| CVE-2024-35287 | 1 Mitel | 1 Micollab | 2025-07-07 | N/A | 6.7 MEDIUM | A vulnerability in the NuPoint Messenger (NPM) component of Mitel MiCollab through version 9.8 SP1 (9.8.1.5) could allow an authenticated attacker with administrative privilege to conduct a privilege escalation attack due to the execution of a resource with unnecessary privileges. A successful exploit could allow an attacker to execute arbitrary commands with elevated privileges. |
| CVE-2024-35286 | 1 Mitel | 1 Micollab | 2025-07-07 | N/A | 9.8 CRITICAL | A vulnerability in NuPoint Messenger (NPM) of Mitel MiCollab through 9.8.0.33 allows an unauthenticated attacker to conduct a SQL injection attack due to insufficient sanitization of user input. A successful exploit could allow an attacker to access sensitive information and execute arbitrary database and management operations. |
| CVE-2024-35285 | 1 Mitel | 1 Micollab | 2025-07-07 | N/A | 9.8 CRITICAL | A vulnerability in NuPoint Messenger (NPM) of Mitel MiCollab through 9.8.0.33 allows an unauthenticated attacker to conduct a command injection attack due to insufficient parameter sanitization. |
| CVE-2024-35314 | 1 Mitel | 2 Micollab, Mivoice Business Solution Virtual Instance | 2025-07-07 | N/A | 9.8 CRITICAL | A vulnerability in the Desktop Client of Mitel MiCollab through 9.7.1.110, and MiVoice Business Solution Virtual Instance (MiVB SVI) 1.0.0.25, could allow an unauthenticated attacker to conduct a command injection attack due to insufficient parameter sanitization. A successful exploit requires user interaction and could allow an attacker to execute arbitrary scripts. |
| CVE-2024-35315 | 1 Mitel | 2 Micollab, Mivoice Business Solution Virtual Instance | 2025-07-07 | N/A | 5.6 MEDIUM | A vulnerability in the Desktop Client of Mitel MiCollab through 9.7.1.110, and MiVoice Business Solution Virtual Instance (MiVB SVI) 1.0.0.25, could allow an authenticated attacker to conduct a privilege escalation attack due to improper file validation. A successful exploit could allow an attacker to run arbitrary code with elevated privileges. |
| CVE-2024-47912 | 1 Mitel | 1 Micollab | 2025-07-07 | N/A | 8.2 HIGH | A vulnerability in the AWV (Audio, Web, and Video) Conferencing component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to perform unauthorized data-access attacks due to missing authentication mechanisms. A successful exploit could allow an attacker to access and delete sensitive information. |
| CVE-2024-47223 | 1 Mitel | 1 Micollab | 2025-07-07 | N/A | 9.4 CRITICAL | A vulnerability in the AWV (Audio, Web and Video Conferencing) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to conduct a SQL injection attack due to insufficient sanitization of user input. A successful exploit could allow an attacker to access non-sensitive user provisioning information and execute arbitrary SQL database commands. |
| CVE-2024-47189 | 1 Mitel | 1 Micollab | 2025-07-07 | N/A | 7.7 HIGH | The API Interface of the AWV (Audio, Web and Video Conferencing) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to conduct SQL injection due to insufficient sanitization of user input. A successful exploit could allow an attacker with knowledge of specific details to access non-sensitive user provisioning information and execute arbitrary SQL database commands. |
| CVE-2024-41712 | 1 Mitel | 1 Micollab | 2025-06-24 | N/A | 6.6 MEDIUM | A vulnerability in the Web Conferencing Component of Mitel MiCollab through 9.8.1.5 could allow an authenticated attacker to conduct a command injection attack, due to insufficient validation of user input. A successful exploit could allow an attacker to execute arbitrary commands on the system within the context of the user. |
| CVE-2024-41714 | 1 Mitel | 2 Micollab, Mivoice Business Solution Virtual Instance | 2025-06-24 | N/A | 8.8 HIGH | A vulnerability in the Web Interface component of Mitel MiCollab through 9.8 SP1 (9.8.1.5) and MiVoice Business Solution Virtual Instance (MiVB SVI) through 1.0.0.27 could allow an authenticated attacker to conduct a command injection attack, due to insufficient parameter sanitization. A successful exploit could allow an attacker to execute arbitrary commands with elevated privileges within the context of the system. |
| CVE-2024-47224 | 1 Mitel | 1 Micollab | 2025-06-24 | N/A | 6.5 MEDIUM | A vulnerability in the AWV (Audio, Web and Video Conferencing) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to conduct a CRLF injection attack due to inadequate encoding of user input in URLs. A successful exploit could allow an attacker to perform a phishing attack. |
| CVE-2024-28066 | 1 Mitel | 28 6905, 6905 Firmware, 6910 and 25 more | 2025-06-18 | N/A | 8.8 HIGH | In Unify CP IP Phone firmware 1.10.4.3, Weak Credentials are used (a hardcoded root password). |
| CVE-2024-28069 | 1 Mitel | 1 Micontact Center Business | 2025-06-02 | N/A | 7.5 HIGH | A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.0.0.4 could allow an unauthenticated attacker to conduct an information disclosure attack due to improper configuration. A successful exploit could allow an attacker to access sensitive information and potentially conduct unauthorized actions within the vulnerable component. |
| CVE-2024-28070 | 1 Mitel | 1 Micontact Center Business | 2025-06-02 | N/A | 6.8 MEDIUM | A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.0.0.4 could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient input validation. A successful exploit could allow an attacker to access sensitive information and gain unauthorized access. |
| CVE-2024-42514 | 1 Mitel | 1 Micontact Center Business | 2025-05-30 | N/A | 8.1 HIGH | A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.1.0.4 could allow an unauthenticated attacker to conduct an unauthorized access attack due to inadequate access control checks. A successful exploit requires user interaction and could allow an attacker to access sensitive information and send unauthorized messages during an active chat session. |
| CVE-2024-35283 | 1 Mitel | 1 Micontact Center Business | 2025-05-29 | N/A | 6.1 MEDIUM | A vulnerability in the Ignite component of Mitel MiContact Center Business through 10.0.0.4 could allow an unauthenticated attacker to conduct a stored cross-site scripting (XSS) attack due to insufficient input validation. |
| CVE-2024-35284 | 1 Mitel | 1 Micontact Center Business | 2025-05-29 | N/A | 5.4 MEDIUM | A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.0.0.4 could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient input validation. |
| CVE-2023-40266 | 1 Mitel | 1 Unify Openscape Xpressions Webassistant | 2025-05-15 | N/A | 9.8 CRITICAL | An issue was discovered in Atos Unify OpenScape Xpressions WebAssistant V7 before V7R1 FR5 HF42 P911. It allows path traversal. |
| CVE-2023-40265 | 1 Mitel | 1 Unify Openscape Xpressions Webassistant | 2025-05-15 | N/A | 8.8 HIGH | An issue was discovered in Atos Unify OpenScape Xpressions WebAssistant V7 before V7R1 FR5 HF42 P911. It allows authenticated remote code execution via file upload. |
| CVE-2022-36454 | 1 Mitel | 1 Micollab | 2025-05-07 | N/A | 6.5 MEDIUM | A vulnerability in the MiCollab Client API of Mitel MiCollab through 9.5.0.101 could allow an authenticated attacker to modify their profile parameters due to improper authorization controls. A successful exploit could allow the authenticated attacker to impersonate another user's name. |
| CVE-2022-36453 | 1 Mitel | 1 Micollab | 2025-05-07 | N/A | 8.8 HIGH | A vulnerability in the MiCollab Client API of Mitel MiCollab 9.1.3 through 9.5.0.101 could allow an authenticated attacker to modify their profile parameters due to improper authorization controls. A successful exploit could allow the authenticated attacker to control another extension number. |
| CVE-2022-36452 | 1 Mitel | 1 Micollab | 2025-05-07 | N/A | 9.8 CRITICAL | A vulnerability in the web conferencing component of Mitel MiCollab through 9.5.0.101 could allow an unauthenticated attacker to upload malicious files. A successful exploit could allow an attacker to execute arbitrary code within the context of the application. |
| CVE-2022-36451 | 1 Mitel | 1 Micollab | 2025-05-07 | N/A | 8.8 HIGH | A vulnerability in the MiCollab Client server component of Mitel MiCollab through 9.5.0.101 could allow an authenticated attacker to conduct a Server-Side Request Forgery (SSRF) attack due to insufficient restriction of URL parameters. A successful exploit could allow an attacker to leverage connections and permissions available to the host server. |
| CVE-2022-41326 | 1 Mitel | 1 Micollab | 2025-04-29 | N/A | 9.8 CRITICAL | The web conferencing component of Mitel MiCollab through 9.6.0.13 could allow an unauthenticated attacker to upload arbitrary scripts due to improper authorization controls. A successful exploit could allow remote code execution within the context of the application. |
| CVE-2008-6797 | 1 Mitel | 1 Mitel Nupoint Messenger | 2025-04-09 | 7.8 HIGH | N/A | The server in Mitel NuPoint Messenger R11 and R3 sends usernames and passwords in cleartext to Exchange servers, which allows remote attackers to obtain sensitive information by sniffing the network. |