Mitel MiCollab AWV Authentication Bypass Vulnerability

Mitel MiCollab AWV is an application for managing audio, web and video conferencing from Mitel Networks Canada. An authentication bypass vulnerability exists in Mitel MiCollab AWV versions prior to 8.1.2.4 and 9.x versions prior to 9.1.3. The vulnerability is related to an error in the publishing...

CVE-2020-11797

An Authentication Bypass vulnerability in the Published Area of the web conferencing component of Mitel MiCollab AWV before 8.1.2.4 and 9.x before 9.1.3 could allow an unauthenticated attacker to gain access to unauthorized information due to insufficient access validation. A successful exploit...

CVE-2020-11797

An Authentication Bypass vulnerability in the Published Area of the web conferencing component of Mitel MiCollab AWV before 8.1.2.4 and 9.x before 9.1.3 could allow an unauthenticated attacker to gain access to unauthorized information due to insufficient access validation. A successful exploit...

Mitel Networks MiCollab AWV Path Traversal Vulnerability

Mitel Networks MiCollab AWV is an application for managing audio, web and video conferencing from Mitel Networks Canada. A path traversal vulnerability exists in the web conference component in Mitel Networks MiCollab AWV versions prior to 8.1.2.4 and 9.x versions prior to 9.1.3, which stems from...

Directory traversal

A Directory Traversal vulnerability in the web conference component of Mitel MiCollab AWV before 8.1.2.4 and 9.x before 9.1.3 could allow an attacker to access arbitrary files from restricted directories of the server via a crafted URL, due to insufficient access validation. A successful exploit...

PT-2020-12854 · Mitel · Mitel Micollab Awv

Name of the Vulnerable Software and Affected Versions: Mitel MiCollab AWV versions prior to 8.1.2.4 Mitel MiCollab AWV versions 9.x prior to 9.1.3 Description: A Directory Traversal issue in the web conference component could allow an attacker to access arbitrary files from restricted directories...

CVE-2020-11798

A Directory Traversal vulnerability in the web conference component of Mitel MiCollab AWV before 8.1.2.4 and 9.x before 9.1.3 could allow an attacker to access arbitrary files from restricted directories of the server via a crafted URL, due to insufficient access validation. A successful exploit...

CVE-2020-11798

CVE-2020-11798 affects Mitel MiCollab AWV’s web conference component. Versions prior to 8.1.2.4 and 9.x prior to 9.1.3 are vulnerable to a Directory Traversal flaw caused by insufficient access validation, allowing an attacker to access arbitrary files in restricted server directories via a craft...

CVE-2019-19607

A SQL injection vulnerability in the web conferencing component of Mitel MiCollab AWV before 8.1.2.2 could allow an unauthenticated attack due to insufficient input validation for the session parameter. A successful exploit could allow an attacker to extract sensitive information from the databas...

CVE-2019-19608

A SQL injection vulnerability in in the web conferencing component of Mitel MiCollab AWV before 8.1.2.2 could allow an unauthenticated attack due to insufficient input validation for the registeredList.cgi page. A successful exploit could allow an attacker to extract sensitive information from th...

CVE-2019-19607

CVE-2019-19607 affects Mitel MiCollab AWV prior to 8.1.2.2, with a SQL injection in the web conferencing component due to insufficient input validation on the session parameter. The vulnerability is unauthenticated and could allow an attacker to extract sensitive data from the database and execut...

CVE-2019-19607

A SQL injection vulnerability in the web conferencing component of Mitel MiCollab AWV before 8.1.2.2 could allow an unauthenticated attack due to insufficient input validation for the session parameter. A successful exploit could allow an attacker to extract sensitive information from the databas...

CVE-2019-19371

A cross-site scripting XSS vulnerability in the web conferencing component of Mitel MiCollab AWV before 8.1.2.2 could allow an unauthenticated attacker to conduct a reflected cross-site scripting XSS attack due to insufficient validation in the join meeting interface. A successful exploit could...

CVE-2019-19371

CVE-2019-19371: A reflected XSS in the Mitel MiCollab AWV web conferencing component (version before 8.1.2.2) allows an unauthenticated attacker to execute arbitrary scripts via the join meeting interface due to insufficient input validation. Affected product: Mitel MiCollab AWV