74 matches found
CVE-2025-52914
A vulnerability in the Suite Applications Services component of Mitel MiCollab 10.0 through SP1 FP1 10.0.1.101 could allow an authenticated attacker to conduct a SQL Injection attack due to insufficient validation of user input. A successful exploit could allow an attacker to execute arbitrary SQ...
Mitel MiCollab 安全漏洞
Mitel MiCollab is a mobile application that provides voice, video, messaging, audio conferencing, and team collaboration for employees from Mitel Canada. A security vulnerability exists in Mitel MiCollab version 9.8.2.12 and earlier, which stems from insufficient input validation of the NuPoint...
Mitel MiCollab SQL注入漏洞
Mitel MiCollab is a mobile application that provides voice, video, messaging, audio conferencing, and team collaboration for employees from Mitel Canada. A SQL injection vulnerability exists in Mitel MiCollab version 10.0.1.101 and earlier, which stems from insufficient input validation of the...
CVE-2024-30158
A vulnerability in the web conferencing component of Mitel MiCollab through 9.7.1.110 could allow an authenticated attacker with administrative privileges to conduct a SQL Injection attack due to insufficient validation of user input. A successful exploit could allow an attacker to execute...
VulnCheck KEV: CVE-2024-55550
Mitel MiCollab contains a path traversal vulnerability that could allow an authenticated attacker with administrative privileges to read local files within the system due to insufficient input sanitization. This vulnerability can be chained with CVE-2024-41713, which allows an unauthenticated,...
CVE-2024-55550
Mitel MiCollab through 9.8 SP2 could allow an authenticated attacker with administrative privilege to conduct a local file read, due to insufficient input sanitization. A successful exploit could allow the authenticated admin attacker to access resources that are constrained to the admin access...
Mitel MiCollab 安全漏洞
Mitel MiCollab is a mobile application that provides voice, video, messaging, audio conferencing, and team collaboration for employees from Mitel Canada. A security vulnerability exists in Mitel MiCollab that stems from insufficient input cleanup. An authenticated attacker with administrator...
VulnCheck KEV: CVE-2024-35286
A vulnerability in NuPoint Messenger NPM of Mitel MiCollab through 9.8.0.33 allows an unauthenticated attacker to conduct a SQL injection attack due to insufficient sanitization of user input. A successful exploit could allow an attacker to access sensitive information and execute arbitrary...
VulnCheck KEV: CVE-2024-41713
Mitel MiCollab contains a path traversal vulnerability that could allow an attacker to gain unauthorized and unauthenticated access. This vulnerability can be chained with CVE-2024-55550, which allows an unauthenticated, remote attacker to read arbitrary files on the server...
Vulnerabilities fixed in Mitel MiCollab
Mitel has fixed vulnerabilities in Mitel MiCollab Specifically the Unified Messaging and Conferencing components. The vulnerabilities are in the way Mitel MiCollab components handle user input. An attacker can exploit these vulnerabilities to gain unauthorized access to user data and system...
PT-2024-15285 · Undefined · Undefined
CVE-2024-00000 CVE-2024-41713 Mitel MiCollab Authentication Bypass to Arbitrary File Read See our blog post for technical details ... https://t.co/49Tda7WsQU...
CVE-2024-41714
A vulnerability in the Web Interface component of Mitel MiCollab through 9.8 SP1 9.8.1.5 and MiVoice Business Solution Virtual Instance MiVB SVI through 1.0.0.27 could allow an authenticated attacker to conduct a command injection attack, due to insufficient parameter sanitization. A successful...
CVE-2024-41712
A vulnerability in the Web Conferencing Component of Mitel MiCollab through 9.8.1.5 could allow an authenticated attacker to conduct a command injection attack, due to insufficient validation of user input. A successful exploit could allow an attacker to execute arbitrary commands on the system...
CVE-2024-47224
A vulnerability in the AWV Audio, Web and Video Conferencing component of Mitel MiCollab through 9.8 SP1 FP2 9.8.1.201 could allow an unauthenticated attacker to conduct a CRLF injection attack due to inadequate encoding of user input in URLs. A successful exploit could allow an attacker to perfo...
CVE-2024-30160
A vulnerability in the Suite Applications Services component of Mitel MiCollab through 9.7.1.110 could allow an authenticated attacker with administrative privileges to conduct a Stored Cross-Site Scripting XSS attack due to insufficient validation of user input. A successful exploit could allow ...
CVE-2024-35285
A vulnerability in NuPoint Messenger NPM of Mitel MiCollab through 9.8.0.33 allows an unauthenticated attacker to conduct a command injection attack due to insufficient parameter sanitization...
CVE-2024-35287
A vulnerability in the NuPoint Messenger NPM component of Mitel MiCollab through version 9.8 SP1 9.8.1.5 could allow an authenticated attacker with administrative privilege to conduct a privilege escalation attack due to the execution of a resource with unnecessary privileges. A successful exploi...
CVE-2024-30159
A vulnerability in the web conferencing component of Mitel MiCollab through 9.7.1.110 could allow an authenticated attacker with administrative privileges to conduct a Stored Cross-Site Scripting XSS attack due to insufficient validation of user input. A successful exploit could allow an attacker...
CVE-2024-35315
A vulnerability in the Desktop Client of Mitel MiCollab through 9.7.1.110, and MiVoice Business Solution Virtual Instance MiVB SVI 1.0.0.25, could allow an authenticated attacker to conduct a privilege escalation attack due to improper file validation. A successful exploit could allow an attacker...
CVE-2024-30158
A vulnerability in the web conferencing component of Mitel MiCollab through 9.7.1.110 could allow an authenticated attacker with administrative privileges to conduct a SQL Injection attack due to insufficient validation of user input. A successful exploit could allow an attacker to execute...