Vulnerabilities > Mitel > CMG Suite > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-04-25 | CVE-2018-18285 | SQL Injection vulnerability in Mitel CMG Suite 8.4 SQL injection vulnerabilities in CMG Suite 8.4 SP2 and earlier, could allow an unauthenticated attacker to conduct an SQL injection attack due to insufficient input validation for the login interface. | 9.8 |
| 2019-04-25 | CVE-2018-18286 | SQL Injection vulnerability in Mitel CMG Suite 8.4 SQL injection vulnerabilities in CMG Suite 8.4 SP2 and earlier, could allow an unauthenticated attacker to conduct an SQL injection attack due to insufficient input validation for the changepwd interface. | 9.8 |
| 2019-04-02 | CVE-2018-19275 | Insecure Default Initialization of Resource vulnerability in Mitel CMG Suite and Inattend The BluStar component in Mitel InAttend before 2.5 SP3 and CMG before 8.4 SP3 Suite Servers has a default password, which could allow remote attackers to gain unauthorized access and execute arbitrary scripts with potential impacts to the confidentiality, integrity and availability of the system. | 9.8 |