Vulnerabilities > Mitel
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-04-25 | CVE-2018-18285 | SQL Injection vulnerability in Mitel CMG Suite 8.4 SQL injection vulnerabilities in CMG Suite 8.4 SP2 and earlier, could allow an unauthenticated attacker to conduct an SQL injection attack due to insufficient input validation for the login interface. | 9.8 |
| 2019-04-25 | CVE-2018-18286 | SQL Injection vulnerability in Mitel CMG Suite 8.4 SQL injection vulnerabilities in CMG Suite 8.4 SP2 and earlier, could allow an unauthenticated attacker to conduct an SQL injection attack due to insufficient input validation for the changepwd interface. | 9.8 |
| 2019-04-02 | CVE-2018-19275 | Insecure Default Initialization of Resource vulnerability in Mitel CMG Suite and Inattend The BluStar component in Mitel InAttend before 2.5 SP3 and CMG before 8.4 SP3 Suite Servers has a default password, which could allow remote attackers to gain unauthorized access and execute arbitrary scripts with potential impacts to the confidentiality, integrity and availability of the system. | 9.8 |
| 2019-03-06 | CVE-2019-9593 | Cross-site Scripting vulnerability in Mitel Connect Onsite 18.82.2000.0 A reflected Cross-site scripting (XSS) vulnerability in ShoreTel Connect ONSITE 18.82.2000.0 allows remote attackers to inject arbitrary web script or HTML via the page parameter. | 6.1 |
| 2019-03-06 | CVE-2019-9592 | Cross-site Scripting vulnerability in Mitel Connect Onsite 19.45.1602.0 A reflected Cross-site scripting (XSS) vulnerability in ShoreTel Connect ONSITE 19.45.1602.0 allows remote attackers to inject arbitrary web script or HTML via the url parameter. | 6.1 |
| 2019-03-06 | CVE-2019-9591 | Cross-site Scripting vulnerability in Mitel Connect Onsite 18.82.2000.0/19.45.1602.0 A reflected Cross-site scripting (XSS) vulnerability in ShoreTel Connect ONSITE before 19.49.1500.0 allows remote attackers to inject arbitrary web script or HTML via the brandUrl parameter. | 6.1 |
| 2018-10-23 | CVE-2018-16226 | Cross-site Scripting vulnerability in Mitel Mivoice Office 400 R5.0 A vulnerability in the web admin component of Mitel MiVoice Office 400, versions R5.0 HF3 (v8839a1) and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack, due to insufficient validation for the start.asp page. | 6.1 |
| 2018-10-23 | CVE-2018-15497 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mitel Mivoice 5330E Firmware 6.5.0.16 The Mitel MiVoice 5330e VoIP device is affected by memory corruption flaws in the SIP/SDP packet handling functionality. | 9.8 |
| 2018-10-23 | CVE-2018-12901 | Cross-site Scripting vulnerability in Mitel ST Firmware A vulnerability in the conferencing component of Mitel ST 14.2, versions GA29 (19.49.9400.0) and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation for the signin.php page. | 6.1 |
| 2018-07-13 | CVE-2016-6562 | Improper Certificate Validation vulnerability in Mitel Shortel Mobility Client 9.1.3.109 On iOS and Android devices, the ShoreTel Mobility Client app version 9.1.3.109 fails to properly validate SSL certificates provided by HTTPS connections, which means that an attacker in the position to perform MITM attacks may be able to obtain sensitive account information such as login credentials. | 7.5 |