Vulnerabilities > Mitel > Critical

DATE CVE VULNERABILITY TITLE RISK
2022-03-10 CVE-2022-26143 Missing Authentication for Critical Function vulnerability in Mitel MiCollab and MiVoice Business Express
The TP-240 (aka tp240dvr) component in Mitel MiCollab before 9.4 SP1 FP1 and MiVoice Business Express through 8.1 allows remote attackers to obtain sensitive information and cause a denial of service (performance degradation and excessive outbound traffic).
network
low complexity
mitel CWE-306
critical
9.8
2021-08-13 CVE-2021-32071 Unspecified vulnerability in Mitel MiCollab
The MiCollab Client service in Mitel MiCollab before 9.3 could allow an unauthenticated user to gain system access due to improper access control.
network
low complexity
mitel
critical
9.8
2021-08-13 CVE-2021-3352 Unspecified vulnerability in Mitel MiContact Center Business
The Software Development Kit in Mitel MiContact Center Business from 8.0.0.0 through 8.1.4.1 and 9.0.0.0 through 9.3.1.0 could allow an unauthenticated attacker to access (view and modify) user data without authorization due to improper handling of tokens.
network
low complexity
mitel
critical
9.1
2021-03-29 CVE-2021-26714 Unspecified vulnerability in Mitel MiContact Center Enterprise 9.3
The Enterprise License Manager portal in Mitel MiContact Center Enterprise before 9.4 could allow a user to access restricted files and folders due to insufficient access control.
network
low complexity
mitel
critical
9.8
2021-01-29 CVE-2020-35547 Unspecified vulnerability in Mitel MiCollab
A library index page in NuPoint Messenger in Mitel MiCollab before 9.2 FP1 could allow an unauthenticated attacker to gain access (view and modify) to user data.
network
low complexity
mitel
critical
9.1
2020-09-25 CVE-2020-24594 Cross-site Scripting vulnerability in Mitel MiCloud Management Portal 5.3/6.0/6.1
Mitel MiCloud Management Portal before 6.1 SP5 could allow an unauthenticated attacker to execute arbitrary scripts due to insufficient input validation, aka XSS.
network
low complexity
mitel CWE-79
critical
9.6
2020-04-17 CVE-2020-10377 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Mitel MiVoice Connect and MiVoice Connect Client
A weak encryption vulnerability in Mitel MiVoice Connect Client before 214.100.1214.0 could allow an unauthenticated attacker to gain access to user credentials.
network
low complexity
mitel CWE-327
critical
9.8
2020-04-17 CVE-2020-10211 Improper Input Validation vulnerability in Mitel MiVoice Connect and MiVoice Connect Client
A remote code execution vulnerability in the UCB component of Mitel MiVoice Connect before 19.1 SP1 could allow an unauthenticated remote attacker to execute arbitrary scripts due to insufficient validation of URL parameters.
network
low complexity
mitel CWE-20
critical
9.8
2020-03-02 CVE-2019-19608 SQL Injection vulnerability in Mitel MiCollab Audio, Web & Video Conferencing
A SQL injection vulnerability in the web conferencing component of Mitel MiCollab AWV before 8.1.2.2 could allow an unauthenticated attack due to insufficient input validation for the registeredList.cgi page.
network
low complexity
mitel CWE-89
critical
9.8
2020-03-02 CVE-2019-19607 SQL Injection vulnerability in Mitel MiCollab Audio, Web & Video Conferencing
A SQL injection vulnerability in the web conferencing component of Mitel MiCollab AWV before 8.1.2.2 could allow an unauthenticated attack due to insufficient input validation for the session parameter.
network
low complexity
mitel CWE-89
critical
9.8