CVE-2024-47224

A vulnerability in the AWV Audio, Web and Video Conferencing component of Mitel MiCollab through 9.8 SP1 FP2 9.8.1.201 could allow an unauthenticated attacker to conduct a CRLF injection attack due to inadequate encoding of user input in URLs. A successful exploit could allow an attacker to perfo...

CVE-2024-47223

A vulnerability in the AWV Audio, Web and Video Conferencing component of Mitel MiCollab through 9.8 SP1 FP2 9.8.1.201 could allow an unauthenticated attacker to conduct a SQL injection attack due to insufficient sanitization of user input. A successful exploit could allow an attacker to access...

CVE-2024-47912

A vulnerability in the AWV Audio, Web, and Video Conferencing component of Mitel MiCollab through 9.8 SP1 FP2 9.8.1.201 could allow an unauthenticated attacker to perform unauthorized data-access attacks due to missing authentication mechanisms. A successful exploit could allow an attacker to...

CVE-2024-47912

A vulnerability in the AWV Audio, Web, and Video Conferencing component of Mitel MiCollab through 9.8 SP1 FP2 9.8.1.201 could allow an unauthenticated attacker to perform unauthorized data-access attacks due to missing authentication mechanisms. A successful exploit could allow an attacker to...

CVE-2024-47189

The API Interface of the AWV Audio, Web and Video Conferencing component of Mitel MiCollab through 9.8 SP1 FP2 9.8.1.201 could allow an unauthenticated attacker to conduct SQL injection due to insufficient sanitization of user input. A successful exploit could allow an attacker with knowledge of...

CVE-2024-47223

A vulnerability in the AWV Audio, Web and Video Conferencing component of Mitel MiCollab through 9.8 SP1 FP2 9.8.1.201 could allow an unauthenticated attacker to conduct a SQL injection attack due to insufficient sanitization of user input. A successful exploit could allow an attacker to access...

CVE-2024-47912

A vulnerability in the AWV Audio, Web, and Video Conferencing component of Mitel MiCollab through 9.8 SP1 FP2 9.8.1.201 could allow an unauthenticated attacker to perform unauthorized data-access attacks due to missing authentication mechanisms. A successful exploit could allow an attacker to...

CVE-2024-47189

The API Interface of the AWV Audio, Web and Video Conferencing component of Mitel MiCollab through 9.8 SP1 FP2 9.8.1.201 could allow an unauthenticated attacker to conduct SQL injection due to insufficient sanitization of user input. A successful exploit could allow an attacker with knowledge of...

CVE-2024-47912

The CVE-2024-47912 affects Mitel MiCollab’s AWV Conferencing component. Versions before 9.8 SP1 FP2 (9.8.1.201) are vulnerable to an unauthenticated data-access attack due to missing authentication mechanisms, allowing an attacker to access and delete sensitive information. Red Hat and other sour...

CVE-2024-47223

A vulnerability in the AWV Audio, Web and Video Conferencing component of Mitel MiCollab through 9.8 SP1 FP2 9.8.1.201 could allow an unauthenticated attacker to conduct a SQL injection attack due to insufficient sanitization of user input. A successful exploit could allow an attacker to access...

CVE-2024-47224

A vulnerability in the AWV Audio, Web and Video Conferencing component of Mitel MiCollab through 9.8 SP1 FP2 9.8.1.201 could allow an unauthenticated attacker to conduct a CRLF injection attack due to inadequate encoding of user input in URLs. A successful exploit could allow an attacker to perfo...

CVE-2024-47189

The API Interface of the AWV Audio, Web and Video Conferencing component of Mitel MiCollab through 9.8 SP1 FP2 9.8.1.201 could allow an unauthenticated attacker to conduct SQL injection due to insufficient sanitization of user input. A successful exploit could allow an attacker with knowledge of...

PT-2024-7508 · Mitel · Mitel Micollab

Name of the Vulnerable Software and Affected Versions: Mitel MiCollab versions prior to 9.8 SP1 FP2 9.8.1.201 Description: A vulnerability in the AWV Conferencing component could allow an unauthenticated attacker to perform unauthorized data-access attacks due to missing authentication mechanisms...

Mitel MiCollab AWV 8.1.2.4 and 9.1.3 - Directory Traversal / Local File Inclusion Vulnerability

Exploit Title: Mitel MiCollab AWV 8.1.2.4 and 9.1.3 - Directory Traversal and LFI Fix Date: 2020-05 Exploit Author: Kahvi-0 Github: https://github.com/Kahvi-0 Vendor Homepage: https://www.mitel.com/ Vendor Security Advisory:...

CVE-2021-32069

The AWV component of Mitel MiCollab before 9.3 could allow an attacker to perform a Man-In-the-Middle attack due to improper TLS negotiation. A successful exploit could allow an attacker to view and modify data...

Design/Logic Flaw

The AWV component of Mitel MiCollab before 9.3 could allow an attacker to perform a Man-In-the-Middle attack due to improper TLS negotiation. A successful exploit could allow an attacker to view and modify data...

CVE-2021-32069

The AWV component of Mitel MiCollab before 9.3 could allow an attacker to perform a Man-In-the-Middle attack due to improper TLS negotiation. A successful exploit could allow an attacker to view and modify data...

CVE-2020-25606

The AWV component of Mitel MiCollab before 9.2 could allow an attacker to view system information by sending arbitrary code due to improper input validation, aka XSS...

CVE-2020-25611

The AWV portal of Mitel MiCollab before 9.2 could allow an attacker to gain access to conference information by sending arbitrary code due to improper input validation, aka XSS. Successful exploitation could allow an attacker to view user conference information...

CVE-2020-25611

The AWV portal of Mitel MiCollab before 9.2 could allow an attacker to gain access to conference information by sending arbitrary code due to improper input validation, aka XSS. Successful exploitation could allow an attacker to view user conference information...