VYPR

Micollab

by Mitel

CVEs (53)

  • CVE-2020-25606Dec 18, 2020
    risk 0.00cvss epss 0.01

    The AWV component of Mitel MiCollab before 9.2 could allow an attacker to view system information by sending arbitrary code due to improper input validation, aka XSS.

  • CVE-2020-25611Dec 18, 2020
    risk 0.00cvss epss 0.01

    The AWV portal of Mitel MiCollab before 9.2 could allow an attacker to gain access to conference information by sending arbitrary code due to improper input validation, aka XSS. Successful exploitation could allow an attacker to view user conference information.

  • CVE-2020-25610Dec 18, 2020
    risk 0.00cvss epss 0.01

    The AWV component of Mitel MiCollab before 9.2 could allow an attacker to gain access to a web conference due to insufficient access control for conference codes.

  • CVE-2020-25612Dec 18, 2020
    risk 0.00cvss epss 0.01

    The NuPoint Messenger of Mitel MiCollab before 9.2 could allow an attacker with escalated privilege to access user files due to insufficient access control. Successful exploit could potentially allow an attacker to gain access to sensitive information.

  • CVE-2020-11797Aug 26, 2020
    risk 0.00cvss epss 0.01

    An Authentication Bypass vulnerability in the Published Area of the web conferencing component of Mitel MiCollab AWV before 8.1.2.4 and 9.x before 9.1.3 could allow an unauthenticated attacker to gain access to unauthorized information due to insufficient access validation. A…

  • CVE-2020-13767Aug 26, 2020
    risk 0.00cvss epss 0.01

    The Mitel MiCollab application before 9.1.332 for iOS could allow an unauthorized user to access restricted files and folders due to insufficient access control. An exploit requires a rooted iOS device, and (if successful) could allow an attacker to gain access to sensitive…

  • CVE-2020-13863Aug 26, 2020
    risk 0.00cvss epss 0.01

    The SAS portal of Mitel MiCollab before 9.1.3 could allow an attacker to access user data by performing a header injection in HTTP responses, due to the improper handling of input parameters. A successful exploit could allow an attacker to access user information.

  • CVE-2019-19608Mar 2, 2020
    risk 0.00cvss epss 0.02

    A SQL injection vulnerability in in the web conferencing component of Mitel MiCollab AWV before 8.1.2.2 could allow an unauthenticated attack due to insufficient input validation for the registeredList.cgi page. A successful exploit could allow an attacker to extract sensitive…

  • CVE-2019-19607Mar 2, 2020
    risk 0.00cvss epss 0.02

    A SQL injection vulnerability in the web conferencing component of Mitel MiCollab AWV before 8.1.2.2 could allow an unauthenticated attack due to insufficient input validation for the session parameter. A successful exploit could allow an attacker to extract sensitive…

  • CVE-2019-19371Mar 2, 2020
    risk 0.00cvss epss 0.01

    A cross-site scripting (XSS) vulnerability in the web conferencing component of Mitel MiCollab AWV before 8.1.2.2 could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation in the join meeting interface. A…

  • CVE-2019-19370Mar 2, 2020
    risk 0.00cvss epss 0.01

    A cross-site scripting (XSS) vulnerability in the web conferencing component of the Mitel MiCollab application before 9.0.15 for Android could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation in the file…

  • CVE-2018-18819Nov 12, 2019
    risk 0.00cvss epss 0.01

    A vulnerability in the web conference chat component of MiCollab, versions 7.3 PR6 (7.3.0.601) and earlier, and 8.0 (8.0.0.40) through 8.0 SP2 FP2 (8.0.2.202), and MiVoice Business Express versions 7.3 PR3 (7.3.1.302) and earlier, and 8.0 (8.0.0.40) through 8.0 SP2 FP1…

  • CVE-2019-12165May 29, 2019
    risk 0.00cvss epss 0.03

    MiCollab 7.3 PR2 (7.3.0.204) and earlier, 7.2 (7.2.2.13) and earlier, and 7.1 (7.1.0.57) and earlier and MiCollab AWV 6.3 (6.3.0.103), 6.2 (6.2.2.8), 6.1 (6.1.0.28), 6.0 (6.0.0.61), and 5.0 (5.0.5.7) have a Command Execution Vulnerability. Successful exploit of this…

Page 3 of 3