Vulnerabilities > Mitel
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-08-13 | CVE-2021-27402 | Path Traversal vulnerability in Mitel Micollab The SAS Admin portal of Mitel MiCollab before 9.2 FP2 could allow an unauthenticated attacker to access (view and modify) user data by injecting arbitrary directory paths due to improper URL validation, aka Directory Traversal. | 6.4 |
| 2021-08-13 | CVE-2021-32067 | Improper Encoding or Escaping of Output vulnerability in Mitel Micollab The MiCollab Client Service component in Mitel MiCollab before 9.3 could allow an attacker to view sensitive system information through an HTTP response due to insufficient output sanitization. | 6.4 |
| 2021-08-13 | CVE-2021-32068 | Allocation of Resources Without Limits or Throttling vulnerability in Mitel Micollab The AWV and MiCollab Client Service components in Mitel MiCollab before 9.3 could allow an attacker to perform a Man-In-the-Middle attack by sending multiple session renegotiation requests, due to insufficient TLS session controls. | 4.3 |
| 2021-08-13 | CVE-2021-32069 | Improper Certificate Validation vulnerability in Mitel Micollab The AWV component of Mitel MiCollab before 9.3 could allow an attacker to perform a Man-In-the-Middle attack due to improper TLS negotiation. | 5.8 |
| 2021-08-13 | CVE-2021-32070 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Mitel Micollab The MiCollab Client Service component in Mitel MiCollab before 9.3 could allow an attacker to perform a clickjacking attack due to an insecure header response. | 5.8 |
| 2021-08-13 | CVE-2021-32071 | Unspecified vulnerability in Mitel Micollab The MiCollab Client service in Mitel MiCollab before 9.3 could allow an unauthenticated user to gain system access due to improper access control. | 7.5 |
| 2021-08-13 | CVE-2021-32072 | Improper Encoding or Escaping of Output vulnerability in Mitel Micollab The MiCollab Client Service component in Mitel MiCollab before 9.3 could allow an attacker to get source code information (disclosing sensitive application data) due to insufficient output sanitization. | 4.0 |
| 2021-08-13 | CVE-2021-37586 | Improper Input Validation vulnerability in Mitel Interaction Recording 6.6 The PowerPlay Web component of Mitel Interaction Recording Multitenancy systems before 6.7 could allow a user (with Administrator rights) to replay a previously recorded conversation of another tenant due to insufficient validation. | 4.0 |
| 2021-08-13 | CVE-2021-3352 | Unspecified vulnerability in Mitel Micontact Center Business The Software Development Kit in Mitel MiContact Center Business from 8.0.0.0 through 8.1.4.1 and 9.0.0.0 through 9.3.1.0 could allow an unauthenticated attacker to access (view and modify) user data without authorization due to improper handling of tokens. | 6.4 |
| 2021-03-29 | CVE-2021-26714 | Path Traversal vulnerability in Mitel Micontact Center Enterprise 9.3 The Enterprise License Manager portal in Mitel MiContact Center Enterprise before 9.4 could allow a user to access restricted files and folders due to insufficient access control. | 7.5 |