Vulnerabilities > Mitel

DATE CVE VULNERABILITY TITLE RISK
2019-04-25 CVE-2018-18285 SQL Injection vulnerability in Mitel CMG Suite 8.4
SQL injection vulnerabilities in CMG Suite 8.4 SP2 and earlier, could allow an unauthenticated attacker to conduct an SQL injection attack due to insufficient input validation for the login interface.
network
low complexity
mitel CWE-89
7.5
2019-04-25 CVE-2018-18286 SQL Injection vulnerability in Mitel CMG Suite 8.4
SQL injection vulnerabilities in CMG Suite 8.4 SP2 and earlier, could allow an unauthenticated attacker to conduct an SQL injection attack due to insufficient input validation for the changepwd interface.
network
low complexity
mitel CWE-89
7.5
2019-04-02 CVE-2018-19275 Insecure Default Initialization of Resource vulnerability in Mitel CMG Suite and Inattend
The BluStar component in Mitel InAttend before 2.5 SP3 and CMG before 8.4 SP3 Suite Servers has a default password, which could allow remote attackers to gain unauthorized access and execute arbitrary scripts with potential impacts to the confidentiality, integrity and availability of the system.
network
low complexity
mitel CWE-1188
critical
10.0
2019-03-06 CVE-2019-9593 Cross-site Scripting vulnerability in Mitel Connect Onsite 18.82.2000.0
A reflected Cross-site scripting (XSS) vulnerability in ShoreTel Connect ONSITE 18.82.2000.0 allows remote attackers to inject arbitrary web script or HTML via the page parameter.
network
low complexity
mitel CWE-79
6.1
2019-03-06 CVE-2019-9592 Cross-site Scripting vulnerability in Mitel Connect Onsite 19.45.1602.0
A reflected Cross-site scripting (XSS) vulnerability in ShoreTel Connect ONSITE 19.45.1602.0 allows remote attackers to inject arbitrary web script or HTML via the url parameter.
network
low complexity
mitel CWE-79
6.1
2019-03-06 CVE-2019-9591 Cross-site Scripting vulnerability in Mitel Connect Onsite 18.82.2000.0/19.45.1602.0
A reflected Cross-site scripting (XSS) vulnerability in ShoreTel Connect ONSITE before 19.49.1500.0 allows remote attackers to inject arbitrary web script or HTML via the brandUrl parameter.
network
low complexity
mitel CWE-79
6.1
2018-10-23 CVE-2018-16226 Cross-site Scripting vulnerability in Mitel Mivoice Office 400 R5.0
A vulnerability in the web admin component of Mitel MiVoice Office 400, versions R5.0 HF3 (v8839a1) and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack, due to insufficient validation for the start.asp page.
network
mitel CWE-79
4.3
2018-10-23 CVE-2018-15497 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mitel Mivoice 5330E Firmware
The Mitel MiVoice 5330e VoIP device is affected by memory corruption flaws in the SIP/SDP packet handling functionality.
network
low complexity
mitel CWE-119
critical
10.0
2018-10-23 CVE-2018-12901 Cross-site Scripting vulnerability in Mitel ST Firmware
A vulnerability in the conferencing component of Mitel ST 14.2, versions GA29 (19.49.9400.0) and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation for the signin.php page.
network
mitel CWE-79
4.3
2018-07-13 CVE-2016-6562 Improper Certificate Validation vulnerability in Mitel Shortel Mobility Client 9.1.3.109
On iOS and Android devices, the ShoreTel Mobility Client app version 9.1.3.109 fails to properly validate SSL certificates provided by HTTPS connections, which means that an attacker in the position to perform MITM attacks may be able to obtain sensitive account information such as login credentials.
2.9