Mitel Micollab vulnerabilities
47 known vulnerabilities affecting mitel/micollab.
Total CVEs
47
CISA KEV
4
actively exploited
Public exploits
5
Exploited in wild
5
Severity breakdown
CRITICAL11HIGH11MEDIUM23LOW2
Vulnerabilities
Page 3 of 3
CVE-2020-25606P4MEDIUMCVSS 6.1fixed in 9.22020-12-18
CVE-2020-25606 [MEDIUM] CWE-20 CVE-2020-25606: The AWV component of Mitel MiCollab before 9.2 could allow an attacker to view system information by
The AWV component of Mitel MiCollab before 9.2 could allow an attacker to view system information by sending arbitrary code due to improper input validation, aka XSS.
nvd
CVE-2021-27401P4MEDIUMCVSS 6.1fixed in 9.2v9.22021-08-13
CVE-2021-27401 [MEDIUM] CWE-79 CVE-2021-27401: The Join Meeting page of Mitel MiCollab Web Client before 9.2 FP2 could allow an attacker to access
The Join Meeting page of Mitel MiCollab Web Client before 9.2 FP2 could allow an attacker to access (view and modify) user data by executing arbitrary code due to insufficient input validation, aka Cross-Site Scripting (XSS).
nvd
CVE-2021-32070P4MEDIUMCVSS 5.4fixed in 9.32021-08-13
CVE-2021-32070 [MEDIUM] CWE-1021 CVE-2021-32070: The MiCollab Client Service component in Mitel MiCollab before 9.3 could allow an attacker to perfor
The MiCollab Client Service component in Mitel MiCollab before 9.3 could allow an attacker to perform a clickjacking attack due to an insecure header response. A successful exploit could allow an attacker to modify the browser header and redirect users.
nvd
CVE-2021-32069P4MEDIUMCVSS 4.8fixed in 9.32021-08-13
CVE-2021-32069 [MEDIUM] CWE-295 CVE-2021-32069: The AWV component of Mitel MiCollab before 9.3 could allow an attacker to perform a Man-In-the-Middl
The AWV component of Mitel MiCollab before 9.3 could allow an attacker to perform a Man-In-the-Middle attack due to improper TLS negotiation. A successful exploit could allow an attacker to view and modify data.
nvd
CVE-2024-30160P4MEDIUMCVSS 4.8≤ 9.7.1.1102024-10-21
CVE-2024-30160 [MEDIUM] CWE-79 CVE-2024-30160: A vulnerability in the Suite Applications Services component of Mitel MiCollab through 9.7.1.110 cou
A vulnerability in the Suite Applications Services component of Mitel MiCollab through 9.7.1.110 could allow an authenticated attacker with administrative privileges to conduct a Stored Cross-Site Scripting (XSS) attack due to insufficient validation of user input. A successful exploit could allow an attacker to execute arbitrary scripts.
nvd
CVE-2024-30159P4MEDIUMCVSS 4.8≤ 9.7.1.1102024-10-21
CVE-2024-30159 [MEDIUM] CWE-79 CVE-2024-30159: A vulnerability in the web conferencing component of Mitel MiCollab through 9.7.1.110 could allow an
A vulnerability in the web conferencing component of Mitel MiCollab through 9.7.1.110 could allow an authenticated attacker with administrative privileges to conduct a Stored Cross-Site Scripting (XSS) attack due to insufficient validation of user input. A successful exploit could allow an attacker to execute arbitrary scripts.
nvd
CVE-2021-32068P4LOWCVSS 3.7fixed in 9.32021-08-13
CVE-2021-32068 [LOW] CWE-770 CVE-2021-32068: The AWV and MiCollab Client Service components in Mitel MiCollab before 9.3 could allow an attacker
The AWV and MiCollab Client Service components in Mitel MiCollab before 9.3 could allow an attacker to perform a Man-In-the-Middle attack by sending multiple session renegotiation requests, due to insufficient TLS session controls. A successful exploit could allow an attacker to modify application data and state.
nvd
← Previous3 / 3