Vulnerabilities > Mitel > Micollab
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-12-10 | CVE-2024-55550 | Path Traversal vulnerability in Mitel Micollab Mitel MiCollab through 9.8 SP2 could allow an authenticated attacker with administrative privilege to conduct a local file read, due to insufficient input sanitization. | 2.7 |
| 2024-10-21 | CVE-2024-30157 | SQL Injection vulnerability in Mitel Micollab A vulnerability in the Suite Applications Services component of Mitel MiCollab through 9.7.1.110 could allow an authenticated attacker with administrative privileges to conduct a SQL Injection attack due to insufficient validation of user input. | 7.2 |
| 2024-10-21 | CVE-2024-30158 | SQL Injection vulnerability in Mitel Micollab A vulnerability in the web conferencing component of Mitel MiCollab through 9.7.1.110 could allow an authenticated attacker with administrative privileges to conduct a SQL Injection attack due to insufficient validation of user input. | 7.2 |
| 2024-10-21 | CVE-2024-30159 | Cross-site Scripting vulnerability in Mitel Micollab A vulnerability in the web conferencing component of Mitel MiCollab through 9.7.1.110 could allow an authenticated attacker with administrative privileges to conduct a Stored Cross-Site Scripting (XSS) attack due to insufficient validation of user input. | 4.8 |
| 2024-10-21 | CVE-2024-30160 | Cross-site Scripting vulnerability in Mitel Micollab A vulnerability in the Suite Applications Services component of Mitel MiCollab through 9.7.1.110 could allow an authenticated attacker with administrative privileges to conduct a Stored Cross-Site Scripting (XSS) attack due to insufficient validation of user input. | 4.8 |
| 2024-10-21 | CVE-2024-41713 | Path Traversal vulnerability in Mitel Micollab A vulnerability in the NuPoint Unified Messaging (NPM) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to conduct a path traversal attack, due to insufficient input validation. | 9.1 |
| 2023-04-14 | CVE-2023-25597 | Improper Authentication vulnerability in Mitel Micollab A vulnerability in the web conferencing component of Mitel MiCollab through 9.6.2.9 could allow an unauthenticated attacker to download a shared file via a crafted request - including the exact path and filename - due to improper authentication control. | 5.9 |
| 2022-11-22 | CVE-2022-41326 | Unspecified vulnerability in Mitel Micollab The web conferencing component of Mitel MiCollab through 9.6.0.13 could allow an unauthenticated attacker to upload arbitrary scripts due to improper authorization controls. | 9.8 |
| 2022-10-25 | CVE-2022-36452 | Unrestricted Upload of File with Dangerous Type vulnerability in Mitel Micollab A vulnerability in the web conferencing component of Mitel MiCollab through 9.5.0.101 could allow an unauthenticated attacker to upload malicious files. | 9.8 |
| 2022-10-25 | CVE-2022-36451 | Server-Side Request Forgery (SSRF) vulnerability in Mitel Micollab A vulnerability in the MiCollab Client server component of Mitel MiCollab through 9.5.0.101 could allow an authenticated attacker to conduct a Server-Side Request Forgery (SSRF) attack due to insufficient restriction of URL parameters. | 8.8 |