VYPR

Micollab

by Mitel

CVEs (53)

  • CVE-2014-0160HigKEVApr 7, 2014
    risk 0.72cvss 7.5epss 1.00

    The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by…

  • CVE-2025-52913CriAug 8, 2025
    risk 0.64cvss 9.8epss 0.00

    A vulnerability in the NuPoint Unified Messaging (NPM) component of Mitel MiCollab through 9.8 SP2 (9.8.2.12) could allow an unauthenticated attacker to conduct a path traversal attack due to insufficient input validation. A successful exploit could allow unauthorized access,…

  • CVE-2018-3639MedMay 22, 2018
    risk 0.44cvss 5.5epss 0.61

    Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis,…

  • CVE-2024-41713KEVOct 21, 2024
    risk 0.26cvss epss 0.98

    A vulnerability in the NuPoint Unified Messaging (NPM) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to conduct a path traversal attack, due to insufficient input validation. A successful exploit could allow unauthorized…

  • CVE-2024-55550KEVDec 10, 2024
    risk 0.19cvss epss 0.38

    Mitel MiCollab through 9.8 SP2 could allow an authenticated attacker with administrative privilege to conduct a local file read, due to insufficient input sanitization. A successful exploit could allow the authenticated admin attacker to access resources that are constrained to…

  • CVE-2022-26143KEVMar 9, 2022
    risk 0.19cvss epss 0.88

    The TP-240 (aka tp240dvr) component in Mitel MiCollab before 9.4 SP1 FP1 and MiVoice Business Express through 8.1 allows remote attackers to obtain sensitive information and cause a denial of service (performance degradation and excessive outbound traffic). This was exploited in…

  • CVE-2020-11798Jun 10, 2020
    risk 0.10cvss epss 0.45

    A Directory Traversal vulnerability in the web conference component of Mitel MiCollab AWV before 8.1.2.4 and 9.x before 9.1.3 could allow an attacker to access arbitrary files from restricted directories of the server via a crafted URL, due to insufficient access validation. A…

  • CVE-2024-35286Oct 21, 2024
    risk 0.05cvss epss 0.66

    A vulnerability in NuPoint Messenger (NPM) of Mitel MiCollab through 9.8.0.33 allows an unauthenticated attacker to conduct a SQL injection attack due to insufficient sanitization of user input. A successful exploit could allow an attacker to access sensitive information and…

  • CVE-2025-52914Aug 8, 2025
    risk 0.00cvss epss 0.01

    A vulnerability in the Suite Applications Services component of Mitel MiCollab 10.0 through SP1 FP1 (10.0.1.101) could allow an authenticated attacker to conduct a SQL Injection attack due to insufficient validation of user input. A successful exploit could allow an attacker to…

  • CVE-2024-47189Oct 21, 2024
    risk 0.00cvss epss 0.00

    The API Interface of the AWV (Audio, Web and Video Conferencing) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to conduct SQL injection due to insufficient sanitization of user input. A successful exploit could allow an…

  • CVE-2024-30157Oct 21, 2024
    risk 0.00cvss epss 0.00

    A vulnerability in the Suite Applications Services component of Mitel MiCollab through 9.7.1.110 could allow an authenticated attacker with administrative privileges to conduct a SQL Injection attack due to insufficient validation of user input. A successful exploit could allow…

  • CVE-2024-35315Oct 21, 2024
    risk 0.00cvss epss 0.01

    A vulnerability in the Desktop Client of Mitel MiCollab through 9.7.1.110, and MiVoice Business Solution Virtual Instance (MiVB SVI) 1.0.0.25, could allow an authenticated attacker to conduct a privilege escalation attack due to improper file validation. A successful exploit…

  • CVE-2024-35287Oct 21, 2024
    risk 0.00cvss epss 0.00

    A vulnerability in the NuPoint Messenger (NPM) component of Mitel MiCollab through version 9.8 SP1 (9.8.1.5) could allow an authenticated attacker with administrative privilege to conduct a privilege escalation attack due to the execution of a resource with unnecessary…

  • CVE-2024-35314Oct 21, 2024
    risk 0.00cvss epss 0.02

    A vulnerability in the Desktop Client of Mitel MiCollab through 9.7.1.110, and MiVoice Business Solution Virtual Instance (MiVB SVI) 1.0.0.25, could allow an unauthenticated attacker to conduct a command injection attack due to insufficient parameter sanitization. A successful…

  • CVE-2024-41712Oct 21, 2024
    risk 0.00cvss epss 0.01

    A vulnerability in the Web Conferencing Component of Mitel MiCollab through 9.8.1.5 could allow an authenticated attacker to conduct a command injection attack, due to insufficient validation of user input. A successful exploit could allow an attacker to execute arbitrary…

  • CVE-2024-30158Oct 21, 2024
    risk 0.00cvss epss 0.00

    A vulnerability in the web conferencing component of Mitel MiCollab through 9.7.1.110 could allow an authenticated attacker with administrative privileges to conduct a SQL Injection attack due to insufficient validation of user input. A successful exploit could allow an attacker…

  • CVE-2024-30159Oct 21, 2024
    risk 0.00cvss epss 0.00

    A vulnerability in the web conferencing component of Mitel MiCollab through 9.7.1.110 could allow an authenticated attacker with administrative privileges to conduct a Stored Cross-Site Scripting (XSS) attack due to insufficient validation of user input. A successful exploit…

  • CVE-2024-35285Oct 21, 2024
    risk 0.00cvss epss 0.01

    A vulnerability in NuPoint Messenger (NPM) of Mitel MiCollab through 9.8.0.33 allows an unauthenticated attacker to conduct a command injection attack due to insufficient parameter sanitization.

  • CVE-2024-47224Oct 21, 2024
    risk 0.00cvss epss 0.00

    A vulnerability in the AWV (Audio, Web and Video Conferencing) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to conduct a CRLF injection attack due to inadequate encoding of user input in URLs. A successful exploit could…

  • CVE-2024-30160Oct 21, 2024
    risk 0.00cvss epss 0.00

    A vulnerability in the Suite Applications Services component of Mitel MiCollab through 9.7.1.110 could allow an authenticated attacker with administrative privileges to conduct a Stored Cross-Site Scripting (XSS) attack due to insufficient validation of user input. A successful…

Page 1 of 3