Vulnerabilities > Mitel

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2018-03-13 | CVE-2017-16250 | Information Exposure vulnerability in Mitel St14.2 Ga28 | A vulnerability in Mitel ST 14.2, release GA28 and earlier, could allow an attacker to use the API function to enumerate through user-ids which could be used to identify valid user ids and associated user names. | network; low complexity; mitel CWE-200; 5.0 |
| 2014-04-07 | CVE-2014-0160 | Out-of-bounds Read vulnerability in multiple products | The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug. | 7.5 |
| 2009-05-07 | CVE-2008-6797 | Cryptographic Issues vulnerability in Mitel Nupoint Messenger R11/R3 | The server in Mitel NuPoint Messenger R11 and R3 sends usernames and passwords in cleartext to Exchange servers, which allows remote attackers to obtain sensitive information by sniffing the network. | network; low complexity; mitel CWE-310; 7.8 |
| 2005-02-28 | CVE-2004-0945 | Denial-Of-Service vulnerability in Mitel 3300 Integrated Communication Platform | The web management interface for Mitel 3300 Integrated Communications Platform (ICP) before 4.2.2.11 allows remote authenticated users to cause a denial of service (resource exhaustion) via a large number of active sessions, which exceeds ICP's maximum. | network; low complexity; mitel; 5.0 |
| 2004-02-28 | CVE-2004-0944 | | The web management interface for Mitel 3300 Integrated Communications Platform (ICP) before 4.2.2.11 generates easily predictable web session IDs, which allows remote attackers to hijack other sessions via the parentsessionid cookie. | network; low complexity; mitel; 5.0 |