VYPR

Vendor CVEs

Mitel

All CVEs

155 total · sorted by risk
  • CVE-2018-12901Oct 23, 2018
    risk 0.00cvss epss 0.01

    A vulnerability in the conferencing component of Mitel ST 14.2, versions GA29 (19.49.9400.0) and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation for the signin.php page. A successful exploit…

  • CVE-2018-16226Oct 23, 2018
    risk 0.00cvss epss 0.01

    A vulnerability in the web admin component of Mitel MiVoice Office 400, versions R5.0 HF3 (v8839a1) and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack, due to insufficient validation for the start.asp page. A successful…

  • CVE-2008-6797May 7, 2009
    risk 0.00cvss epss 0.02

    The server in Mitel NuPoint Messenger R11 and R3 sends usernames and passwords in cleartext to Exchange servers, which allows remote attackers to obtain sensitive information by sniffing the network.

  • CVE-2004-0945Feb 28, 2005
    risk 0.00cvss epss 0.02

    The web management interface for Mitel 3300 Integrated Communications Platform (ICP) before 4.2.2.11 allows remote authenticated users to cause a denial of service (resource exhaustion) via a large number of active sessions, which exceeds ICP's maximum.

  • CVE-2004-0944Feb 28, 2004
    risk 0.00cvss epss 0.01

    The web management interface for Mitel 3300 Integrated Communications Platform (ICP) before 4.2.2.11 generates easily predictable web session IDs, which allows remote attackers to hijack other sessions via the parentsessionid cookie.

Page 4 of 4