
Mitel MiCollab vulnerabilities

47 known vulnerabilities affecting mitel/micollab.

Total CVEs: 47
CISA KEV: 4 (actively exploited)
Public exploits: 5
Exploited in wild: 5
Severity breakdown: CRITICAL 11, HIGH 11, MEDIUM 23, LOW 2

Vulnerabilities

Page 1 of 3
CVE-2024-41713 | P1 | CRITICAL | CVSS 9.1 | KEV | PoC | Ransomware | ≤ 9.8.1.201 | 2024-10-21
CVE-2024-41713 [CRITICAL] CWE-22: A vulnerability in the NuPoint Unified Messaging (NPM) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to conduct a path traversal attack, due to insufficient input validation. A successful exploit could allow unauthorized access, enabling the attacker to view, corrupt, or delete users' data and s
nvd
CVE-2014-0160 | P1 | HIGH | CVSS 7.5 | KEV | PoC | v6.0, v7.0, +4 more | 2014-04-07
CVE-2014-0160 [HIGH] CWE-125: The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed b
nvd
CVE-2022-26143 | P1 | CRITICAL | CVSS 9.8 | KEV | PoC | fixed in 9.4 | v9.4 | 2022-03-10
CVE-2022-26143 [CRITICAL] CWE-306: The TP-240 (aka tp240dvr) component in Mitel MiCollab before 9.4 SP1 FP1 and MiVoice Business Express through 8.1 allows remote attackers to obtain sensitive information and cause a denial of service (performance degradation and excessive outbound traffic). This was exploited in the wild in February and March 2022 for the TP240PhoneHome DDoS attac
nvd
CVE-2024-55550 | P2 | LOW | CVSS 2.7 | KEV | PoC | Ransomware | ≤ 9.8.1.201 | 2024-12-10
CVE-2024-55550 [LOW] CWE-22: Mitel MiCollab through 9.8 SP2 could allow an authenticated attacker with administrative privilege to conduct a local file read, due to insufficient input sanitization. A successful exploit could allow the authenticated admin attacker to access resources that are constrained to the admin access level, and the disclosure is limited to non-sensitive syste
nvd
CVE-2024-35286 | P1 | CRITICAL | CVSS 9.8 | Exploited | PoC | ≤ 9.8.0.33 | 2024-10-21
CVE-2024-35286 [CRITICAL] CWE-89: A vulnerability in NuPoint Messenger (NPM) of Mitel MiCollab through 9.8.0.33 allows an unauthenticated attacker to conduct a SQL injection attack due to insufficient sanitization of user input. A successful exploit could allow an attacker to access sensitive information and execute arbitrary database and management operations.
nvd
CVE-2024-35314 | P2 | CRITICAL | CVSS 9.8 | ≤ 9.7.1.110 | 2024-10-21
CVE-2024-35314 [CRITICAL] CWE-94: A vulnerability in the Desktop Client of Mitel MiCollab through 9.7.1.110, and MiVoice Business Solution Virtual Instance (MiVB SVI) 1.0.0.25, could allow an unauthenticated attacker to conduct a command injection attack due to insufficient parameter sanitization. A successful exploit requires user interaction and could allow an attacker to execute
nvd
CVE-2024-35285 | P2 | CRITICAL | CVSS 9.8 | ≤ 9.8.0.33 | 2024-10-21
CVE-2024-35285 [CRITICAL] CWE-77: A vulnerability in NuPoint Messenger (NPM) of Mitel MiCollab through 9.8.0.33 allows an unauthenticated attacker to conduct a command injection attack due to insufficient parameter sanitization.
nvd
CVE-2022-41326 | P2 | CRITICAL | CVSS 9.8 | ≤ 9.6.0.105 | 2022-11-22
CVE-2022-41326 [CRITICAL] CWE-862: The web conferencing component of Mitel MiCollab through 9.6.0.13 could allow an unauthenticated attacker to upload arbitrary scripts due to improper authorization controls. A successful exploit could allow remote code execution within the context of the application.
nvd
CVE-2019-12165 | P2 | CRITICAL | CVSS 9.8 | ≥ 7.1, ≤ 7.1.0.57 | ≥ 7.2, ≤ 7.2.2.13 | +1 more | 2019-05-29
CVE-2019-12165 [CRITICAL]: MiCollab 7.3 PR2 (7.3.0.204) and earlier, 7.2 (7.2.2.13) and earlier, and 7.1 (7.1.0.57) and earlier and MiCollab AWV 6.3 (6.3.0.103), 6.2 (6.2.2.8), 6.1 (6.1.0.28), 6.0 (6.0.0.61), and 5.0 (5.0.5.7) have a Command Execution Vulnerability. Successful exploit of this vulnerability could allow an attacker to execute arbitrary system commands.
nvd
CVE-2024-41714 | P2 | HIGH | CVSS 8.8 | ≤ 9.8.1.5 | 2024-10-21
CVE-2024-41714 [HIGH] CWE-94: A vulnerability in the Web Interface component of Mitel MiCollab through 9.8 SP1 (9.8.1.5) and MiVoice Business Solution Virtual Instance (MiVB SVI) through 1.0.0.27 could allow an authenticated attacker to conduct a command injection attack, due to insufficient parameter sanitization. A successful exploit could allow an attacker to execute arbitrary c
nvd
CVE-2024-47223 | P2 | CRITICAL | CVSS 9.4 | ≤ 9.8.1.201 | 2024-10-21
CVE-2024-47223 [CRITICAL] CWE-89: A vulnerability in the AWV (Audio, Web and Video Conferencing) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to conduct a SQL injection attack due to insufficient sanitization of user input. A successful exploit could allow an attacker to access non-sensitive user provisioning information and ex
nvd
CVE-2022-36452 | P2 | CRITICAL | CVSS 9.8 | fixed in 9.6 | 2022-10-25
CVE-2022-36452 [CRITICAL] CWE-434: A vulnerability in the web conferencing component of Mitel MiCollab through 9.5.0.101 could allow an unauthenticated attacker to upload malicious files. A successful exploit could allow an attacker to execute arbitrary code within the context of the application.
nvd
CVE-2025-52914 | P2 | HIGH | CVSS 8.8 | fixed in 9.8.3.103 | ≥ 10.0.0.26, < 10.1.0.10 | 2025-08-08
CVE-2025-52914 [HIGH] CWE-89: A vulnerability in the Suite Applications Services component of Mitel MiCollab 10.0 through SP1 FP1 (10.0.1.101) could allow an authenticated attacker to conduct a SQL Injection attack due to insufficient validation of user input. A successful exploit could allow an attacker to execute arbitrary SQL database commands.
nvd
CVE-2020-35547 | P3 | CRITICAL | CVSS 9.1 | ≤ 9.2 | 2021-01-29
CVE-2020-35547 [CRITICAL]: A library index page in NuPoint Messenger in Mitel MiCollab before 9.2 FP1 could allow an unauthenticated attacker to gain access (view and modify) to user data.
nvd
CVE-2021-32071 | P3 | CRITICAL | CVSS 9.8 | fixed in 9.3 | 2021-08-13
CVE-2021-32071 [CRITICAL]: The MiCollab Client service in Mitel MiCollab before 9.3 could allow an unauthenticated user to gain system access due to improper access control. A successful exploit could allow an attacker to view and modify application data, and cause a denial of service for users.
nvd
CVE-2022-36451 | P3 | HIGH | CVSS 8.8 | ≤ 9.5.0.101 | 2022-10-25
CVE-2022-36451 [HIGH] CWE-918: A vulnerability in the MiCollab Client server component of Mitel MiCollab through 9.5.0.101 could allow an authenticated attacker to conduct a Server-Side Request Forgery (SSRF) attack due to insufficient restriction of URL parameters. A successful exploit could allow an attacker to leverage connections and permissions available to the host server.
nvd
CVE-2024-47189 | P3 | HIGH | CVSS 7.7 | ≤ 9.8.1.201 | 2024-10-21
CVE-2024-47189 [HIGH] CWE-89: The API Interface of the AWV (Audio, Web and Video Conferencing) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to conduct SQL injection due to insufficient sanitization of user input. A successful exploit could allow an attacker with knowledge of specific details to access non-sensitive user provisi
nvd
CVE-2022-36453 | P3 | HIGH | CVSS 8.8 | ≥ 9.1.3, ≤ 9.5.0.101 | 2022-10-25
CVE-2022-36453 [HIGH] CWE-285: A vulnerability in the MiCollab Client API of Mitel MiCollab 9.1.3 through 9.5.0.101 could allow an authenticated attacker to modify their profile parameters due to improper authorization controls. A successful exploit could allow the authenticated attacker to control another extension number.
nvd
CVE-2024-47912 | P3 | HIGH | CVSS 8.2 | ≤ 9.8.1.201 | 2024-10-21
CVE-2024-47912 [HIGH] CWE-306: A vulnerability in the AWV (Audio, Web, and Video) Conferencing component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to perform unauthorized data-access attacks due to missing authentication mechanisms. A successful exploit could allow an attacker to access and delete sensitive information.
nvd
CVE-2024-30158 | P3 | HIGH | CVSS 7.2 | ≤ 9.7.1.110 | 2024-10-21
CVE-2024-30158 [HIGH] CWE-89: A vulnerability in the web conferencing component of Mitel MiCollab through 9.7.1.110 could allow an authenticated attacker with administrative privileges to conduct a SQL Injection attack due to insufficient validation of user input. A successful exploit could allow an attacker to execute arbitrary database and management operations.
nvd