Mitel

Micollab

49 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2021-32068

  • EPSS 0.19%
  • Veröffentlicht 13.08.2021 16:15:07
  • Zuletzt bearbeitet 21.11.2024 06:06:47

The AWV and MiCollab Client Service components in Mitel MiCollab before 9.3 could allow an attacker to perform a Man-In-the-Middle attack by sending multiple session renegotiation requests, due to insufficient TLS session controls. A successful explo...

6.5

CVE-2021-32067

  • EPSS 0.2%
  • Veröffentlicht 13.08.2021 16:15:07
  • Zuletzt bearbeitet 21.11.2024 06:06:47

The MiCollab Client Service component in Mitel MiCollab before 9.3 could allow an attacker to view sensitive system information through an HTTP response due to insufficient output sanitization.

6.5

CVE-2021-27402

  • EPSS 0.3%
  • Veröffentlicht 13.08.2021 16:15:07
  • Zuletzt bearbeitet 21.11.2024 05:57:55

The SAS Admin portal of Mitel MiCollab before 9.2 FP2 could allow an unauthenticated attacker to access (view and modify) user data by injecting arbitrary directory paths due to improper URL validation, aka Directory Traversal.

6.1

CVE-2021-27401

  • EPSS 0.28%
  • Veröffentlicht 13.08.2021 16:15:07
  • Zuletzt bearbeitet 21.11.2024 05:57:55

The Join Meeting page of Mitel MiCollab Web Client before 9.2 FP2 could allow an attacker to access (view and modify) user data by executing arbitrary code due to insufficient input validation, aka Cross-Site Scripting (XSS).

9.1

CVE-2020-35547

  • EPSS 0.37%
  • Veröffentlicht 29.01.2021 07:15:18
  • Zuletzt bearbeitet 21.11.2024 05:27:32

A library index page in NuPoint Messenger in Mitel MiCollab before 9.2 FP1 could allow an unauthenticated attacker to gain access (view and modify) to user data.

4.9

CVE-2020-25612

  • EPSS 0.3%
  • Veröffentlicht 18.12.2020 08:15:14
  • Zuletzt bearbeitet 21.11.2024 05:18:14

The NuPoint Messenger of Mitel MiCollab before 9.2 could allow an attacker with escalated privilege to access user files due to insufficient access control. Successful exploit could potentially allow an attacker to gain access to sensitive informatio...

6.1

CVE-2020-25606

  • EPSS 0.36%
  • Veröffentlicht 18.12.2020 08:15:14
  • Zuletzt bearbeitet 21.11.2024 05:18:13

The AWV component of Mitel MiCollab before 9.2 could allow an attacker to view system information by sending arbitrary code due to improper input validation, aka XSS.

7.2

CVE-2020-25608

  • EPSS 0.38%
  • Veröffentlicht 18.12.2020 08:15:14
  • Zuletzt bearbeitet 21.11.2024 05:18:13

The SAS portal of Mitel MiCollab before 9.2 could allow an attacker to access user credentials due to improper input validation, aka SQL Injection.

5.4

CVE-2020-25609

  • EPSS 0.5%
  • Veröffentlicht 18.12.2020 08:15:14
  • Zuletzt bearbeitet 21.11.2024 05:18:13

The NuPoint Messenger Portal of Mitel MiCollab before 9.2 could allow an authenticated attacker to execute arbitrary scripts due to insufficient input validation, aka XSS. A successful exploit could allow an attacker to view and modify user data.

5.3

CVE-2020-25610

  • EPSS 0.24%
  • Veröffentlicht 18.12.2020 08:15:14
  • Zuletzt bearbeitet 21.11.2024 05:18:13

The AWV component of Mitel MiCollab before 9.2 could allow an attacker to gain access to a web conference due to insufficient access control for conference codes.