113 matches found
Information disclosure
The ccmweb component of Mitel MiContact Center Business server 9.2.2.0 through 9.4.1.0 could allow an unauthenticated attacker to download arbitrary files, due to insufficient restriction of URL parameters. A successful exploit could allow access to sensitive information...
Mitel MiContact Center Business 安全漏洞
Mitel MiContact Center Business is an all-media contact center platform from Mitel. The platform is used for customer communication, production management and other scenarios. A security vulnerability exists in the Mitel MiContact Center Business server versions 9.2.2.0 to 9.4.1.0, which is cause...
CVE-2023-22854
The ccmweb component of Mitel MiContact Center Business server 9.2.2.0 through 9.4.1.0 could allow an unauthenticated attacker to download arbitrary files, due to insufficient restriction of URL parameters. A successful exploit could allow access to sensitive information...
CVE-2023-22854
The CVE-2023-22854 entry concerns Mitel MiContact Center Business server, specifically the ccmweb component, version range 9.2.2.0 to 9.4.1.0. The root cause is insufficient restriction of URL parameters in the ccmweb component, enabling an unauthenticated attacker to download arbitrary files and...
CVE-2023-22854
The ccmweb component of Mitel MiContact Center Business server 9.2.2.0 through 9.4.1.0 could allow an unauthenticated attacker to download arbitrary files, due to insufficient restriction of URL parameters. A successful exploit could allow access to sensitive information...
CVE-2021-3352
The Software Development Kit in Mitel MiContact Center Business from 8.0.0.0 through 8.1.4.1 and 9.0.0.0 through 9.3.1.0 could allow an unauthenticated attacker to access view and modify user data without authorization due to improper handling of tokens...
CVE-2021-3352
The Software Development Kit in Mitel MiContact Center Business from 8.0.0.0 through 8.1.4.1 and 9.0.0.0 through 9.3.1.0 could allow an unauthenticated attacker to access view and modify user data without authorization due to improper handling of tokens...
Authorization
The Software Development Kit in Mitel MiContact Center Business from 8.0.0.0 through 8.1.4.1 and 9.0.0.0 through 9.3.1.0 could allow an unauthenticated attacker to access view and modify user data without authorization due to improper handling of tokens...
CVE-2021-3352
The Software Development Kit in Mitel MiContact Center Business from 8.0.0.0 through 8.1.4.1 and 9.0.0.0 through 9.3.1.0 could allow an unauthenticated attacker to access view and modify user data without authorization due to improper handling of tokens...
CVE-2021-3352
The Mitel MiContact Center Business Software Development Kit (SDK) is affected, specifically versions 8.0.0.0–8.1.4.1 and 9.0.0.0–9.3.1.0. The root cause is improper handling of tokens in the SDK, which can allow an unauthenticated attacker to view and modify user data without authorization. This...
CVE-2021-3352
The Software Development Kit in Mitel MiContact Center Business from 8.0.0.0 through 8.1.4.1 and 9.0.0.0 through 9.3.1.0 could allow an unauthenticated attacker to access view and modify user data without authorization due to improper handling of tokens...
Mitel MiContact Center Business 安全漏洞
Mitel MiContact Center Business is an all-media contact center platform from Mitel Canada. The platform is used in customer communication and production management scenarios. A security vulnerability exists in Mitel MiContact Center Business, which is caused by the product's Software Development...
Vulnerability fixed in Mitel MiContact Center
Mitel has fixed a vulnerability in MiContact Center. The vulnerability allows an authenticated malicious party with access to the Enterprise License Manager portal is able to obtain system data obtain. Mitel has released updates to fix the vulnerability. More information can be found on the page...
CVE-2021-26714
The Enterprise License Manager portal in Mitel MiContact Center Enterprise before 9.4 could allow a user to access restricted files and folders due to insufficient access control. A successful exploit could allow an attacker to view and modify application data via Directory Traversal...
CVE-2021-26714
The Enterprise License Manager portal in Mitel MiContact Center Enterprise before 9.4 could allow a user to access restricted files and folders due to insufficient access control. A successful exploit could allow an attacker to view and modify application data via Directory Traversal...
Directory traversal
The Enterprise License Manager portal in Mitel MiContact Center Enterprise before 9.4 could allow a user to access restricted files and folders due to insufficient access control. A successful exploit could allow an attacker to view and modify application data via Directory Traversal...
CVE-2021-26714
The Enterprise License Manager portal in Mitel MiContact Center Enterprise before 9.4 could allow a user to access restricted files and folders due to insufficient access control. A successful exploit could allow an attacker to view and modify application data via Directory Traversal...
CVE-2021-26714
The CVE-2021-26714 entry affects Mitel MiContact Center Enterprise’s Enterprise License Manager portal prior to version 9.4, where insufficient access control allows Directory Traversal to view/modify application data. The issue is confirmed by multiple sources (NVD entry, Red Hat advisory, and M...
CVE-2020-24693
The Ignite portal in Mitel MiContact Center Business before 9.3.0.0 could allow a local attacker to view system information due to insufficient output sanitization...
CVE-2020-24693
The Ignite portal in Mitel MiContact Center Business before 9.3.0.0 could allow a local attacker to view system information due to insufficient output sanitization...