Vulnerabilities > Mitel > Micollab > 9.6.2.9
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-12-10 | CVE-2024-55550 | Path Traversal vulnerability in Mitel Micollab Mitel MiCollab through 9.8 SP2 could allow an authenticated attacker with administrative privilege to conduct a local file read, due to insufficient input sanitization. | 2.7 |
| 2024-10-21 | CVE-2024-30157 | SQL Injection vulnerability in Mitel Micollab A vulnerability in the Suite Applications Services component of Mitel MiCollab through 9.7.1.110 could allow an authenticated attacker with administrative privileges to conduct a SQL Injection attack due to insufficient validation of user input. | 7.2 |
| 2024-10-21 | CVE-2024-30158 | SQL Injection vulnerability in Mitel Micollab A vulnerability in the web conferencing component of Mitel MiCollab through 9.7.1.110 could allow an authenticated attacker with administrative privileges to conduct a SQL Injection attack due to insufficient validation of user input. | 7.2 |
| 2024-10-21 | CVE-2024-30159 | Cross-site Scripting vulnerability in Mitel Micollab A vulnerability in the web conferencing component of Mitel MiCollab through 9.7.1.110 could allow an authenticated attacker with administrative privileges to conduct a Stored Cross-Site Scripting (XSS) attack due to insufficient validation of user input. | 4.8 |
| 2024-10-21 | CVE-2024-30160 | Cross-site Scripting vulnerability in Mitel Micollab A vulnerability in the Suite Applications Services component of Mitel MiCollab through 9.7.1.110 could allow an authenticated attacker with administrative privileges to conduct a Stored Cross-Site Scripting (XSS) attack due to insufficient validation of user input. | 4.8 |
| 2024-10-21 | CVE-2024-41713 | Path Traversal vulnerability in Mitel Micollab A vulnerability in the NuPoint Unified Messaging (NPM) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to conduct a path traversal attack, due to insufficient input validation. | 9.1 |
| 2023-04-14 | CVE-2023-25597 | Improper Authentication vulnerability in Mitel Micollab A vulnerability in the web conferencing component of Mitel MiCollab through 9.6.2.9 could allow an unauthenticated attacker to download a shared file via a crafted request - including the exact path and filename - due to improper authentication control. | 5.9 |