Mitel MiCollab, Oracle WebLogic Server vulnerabilities exploited by attackers
CISA has added Mitel MiCollab (CVE-2024-41713, CVE-2024-55550) and Oracle WebLogic Server (CVE-2020-2883) vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog.

The Mitel MiCollab vulnerabilities exploited

Mitel MiCollab is a popular enterprise collaboration suite. CVE-2024-41713 and CVE-2024-55550 are both path traversal vulnerabilities. The former is exploitable without authentication, and may allow an attacker to gain access “to provisioning information including non-sensitive user and network information and perform unauthorized administrative actions on the MiCollab Server.” The latter …

The post Mitel MiCollab, Oracle WebLogic Server vulnerabilities exploited by attackers appeared first on Help Net Security.
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2024-12-10 | CVE-2024-55550 | Path Traversal vulnerability in Mitel MiCollab | Mitel MiCollab through 9.8 SP2 could allow an authenticated attacker with administrative privilege to conduct a local file read, due to insufficient input sanitization. | 2.7 |
2024-10-21 | CVE-2024-41713 | Path Traversal vulnerability in Mitel MiCollab | A vulnerability in the NuPoint Unified Messaging (NPM) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to conduct a path traversal attack, due to insufficient input validation. | 9.1 |
2020-04-15 | CVE-2020-2883 | Unspecified vulnerability in Oracle WebLogic Server | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). | 9.8 |