Vulnerabilities > Mitel > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-08-26 | CVE-2020-12456 | Path Traversal vulnerability in Mitel Mivoice Connect A remote code execution vulnerability in Mitel MiVoice Connect Client before 214.100.1223.0 could allow an attacker to execute arbitrary code in the chat notification window, due to improper rendering of chat messages. | 8.8 |
| 2020-08-26 | CVE-2020-11797 | Unspecified vulnerability in Mitel Micollab Audio, web & Video Conferencing An Authentication Bypass vulnerability in the Published Area of the web conferencing component of Mitel MiCollab AWV before 8.1.2.4 and 9.x before 9.1.3 could allow an unauthenticated attacker to gain access to unauthorized information due to insufficient access validation. | 7.5 |
| 2020-08-26 | CVE-2020-13863 | Injection vulnerability in Mitel Micollab The SAS portal of Mitel MiCollab before 9.1.3 could allow an attacker to access user data by performing a header injection in HTTP responses, due to the improper handling of input parameters. | 8.1 |
| 2020-08-26 | CVE-2020-13617 | Improper Restriction of Excessive Authentication Attempts vulnerability in Mitel products The Web UI component of Mitel MiVoice 6800 and 6900 series SIP Phones with firmware before 5.1.0.SP5 could allow an unauthenticated attacker to expose sensitive information due to improper memory handling during failed login attempts. | 7.5 |
| 2018-07-13 | CVE-2016-6562 | Improper Certificate Validation vulnerability in Mitel Shortel Mobility Client 9.1.3.109 On iOS and Android devices, the ShoreTel Mobility Client app version 9.1.3.109 fails to properly validate SSL certificates provided by HTTPS connections, which means that an attacker in the position to perform MITM attacks may be able to obtain sensitive account information such as login credentials. | 7.5 |
| 2018-03-13 | CVE-2017-16251 | Unrestricted Upload of File with Dangerous Type vulnerability in Mitel St14.2 Ga28 A vulnerability in the conferencing component of Mitel ST 14.2, release GA28 and earlier, could allow an authenticated user to upload a malicious script to the Personal Library by a crafted POST request. | 8.8 |
| 2014-04-07 | CVE-2014-0160 | Out-of-bounds Read vulnerability in multiple products The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug. | 7.5 |