VYPR

MiContact Center Business

by Mitel

CVEs (13)

  • CVE-2021-3352CriAug 13, 2021
    risk 0.59cvss 9.1epss 0.01

    The Software Development Kit in Mitel MiContact Center Business from 8.0.0.0 through 8.1.4.1 and 9.0.0.0 through 9.3.1.0 could allow an unauthenticated attacker to access (view and modify) user data without authorization due to improper handling of tokens.

  • CVE-2024-42514HigOct 1, 2024
    risk 0.53cvss 8.1epss 0.00

    A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.1.0.4 could allow an unauthenticated attacker to conduct an unauthorized access attack due to inadequate access control checks. A successful exploit requires user interaction and could…

  • CVE-2024-28069HigMar 16, 2024
    risk 0.49cvss 7.5epss 0.01

    A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.0.0.4 could allow an unauthenticated attacker to conduct an information disclosure attack due to improper configuration. A successful exploit could allow an attacker to access sensitive…

  • CVE-2023-22854HigFeb 13, 2023
    risk 0.49cvss 7.5epss 0.01

    The ccmweb component of Mitel MiContact Center Business server 9.2.2.0 through 9.4.1.0 could allow an unauthenticated attacker to download arbitrary files, due to insufficient restriction of URL parameters. A successful exploit could allow access to sensitive information.

  • CVE-2025-27828HigJun 24, 2025
    risk 0.46cvss 7.1epss 0.00

    A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.0.0.4, 10.1.0.0 through 10.1.0.5, and 10.2.0.0 through 10.2.0.4 could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient input…

  • CVE-2025-27827HigJun 24, 2025
    risk 0.46cvss 7.1epss 0.00

    A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.2.0.3 could allow an unauthenticated attacker to conduct an information disclosure attack due to improper handling of session data. A successful exploit requires user interaction and could…

  • CVE-2020-24692HigSep 25, 2020
    risk 0.46cvss 7.1epss 0.00

    The Ignite portal in Mitel MiContact Center Business before 9.3.0.0 could allow an attacker to execute arbitrary scripts due to insufficient input validation, aka XSS. A successful exploit could allow an attacker to gain access to a user session.

  • CVE-2024-28070MedMar 16, 2024
    risk 0.44cvss 6.8epss 0.00

    A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.0.0.4 could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient input validation. A successful exploit could allow an attacker to…

  • CVE-2020-9379MedFeb 25, 2020
    risk 0.42cvss 6.5epss 0.01

    The Software Development Kit of the MiContact Center Business with Site Based Security 8.0 through 9.0.1.0 before KB496276 allows an authenticated user to access sensitive information. A successful exploit could allow unauthorized access to user conversations.

  • CVE-2024-35283MedMay 29, 2024
    risk 0.40cvss 6.1epss 0.00

    A vulnerability in the Ignite component of Mitel MiContact Center Business through 10.0.0.4 could allow an unauthenticated attacker to conduct a stored cross-site scripting (XSS) attack due to insufficient input validation.

  • CVE-2024-35284MedMay 29, 2024
    risk 0.35cvss 5.4epss 0.00

    A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.0.0.4 could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient input validation.

  • CVE-2020-24693LowDec 18, 2020
    risk 0.21cvss 3.3epss 0.00

    The Ignite portal in Mitel MiContact Center Business before 9.3.0.0 could allow a local attacker to view system information due to insufficient output sanitization.

  • CVE-2025-67823Jan 15, 2026
    risk 0.00cvss epss 0.00

    A vulnerability in the Multimedia Email component of Mitel MiContact Center Business through 10.2.0.10 and Mitel CX through 1.1.0.1 could allow an unauthenticated attacker to conduct a Cross-Site Scripting (XSS) attack due to insufficient input validation. A successful exploit…