Lucene search
+L

113 matches found

prion
prion
added 2023/02/13 6:15 p.m.17 views

Information disclosure

The ccmweb component of Mitel MiContact Center Business server 9.2.2.0 through 9.4.1.0 could allow an unauthenticated attacker to download arbitrary files, due to insufficient restriction of URL parameters. A successful exploit could allow access to sensitive information...

5CVSS7.6AI score0.006EPSS
Exploits0References2Affected Software1
cnnvd
cnnvd
added 2023/02/13 12:0 a.m.7 views

Mitel MiContact Center Business 安全漏洞

Mitel MiContact Center Business is an all-media contact center platform from Mitel. The platform is used for customer communication, production management and other scenarios. A security vulnerability exists in the Mitel MiContact Center Business server versions 9.2.2.0 to 9.4.1.0, which is cause...

9.1CVSS7.5AI score0.006EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2023/02/13 12:0 a.m.9 views

CVE-2023-22854

The ccmweb component of Mitel MiContact Center Business server 9.2.2.0 through 9.4.1.0 could allow an unauthenticated attacker to download arbitrary files, due to insufficient restriction of URL parameters. A successful exploit could allow access to sensitive information...

7.7AI score0.006EPSS
Exploits0References2
cve
cve
added 2023/02/13 12:0 a.m.50 views

CVE-2023-22854

The CVE-2023-22854 entry concerns Mitel MiContact Center Business server, specifically the ccmweb component, version range 9.2.2.0 to 9.4.1.0. The root cause is insufficient restriction of URL parameters in the ccmweb component, enabling an unauthenticated attacker to download arbitrary files and...

9.1CVSS7.5AI score0.006EPSS
Exploits0References2Affected Software1
cvelist
cvelist
added 2023/02/13 12:0 a.m.28 views

CVE-2023-22854

The ccmweb component of Mitel MiContact Center Business server 9.2.2.0 through 9.4.1.0 could allow an unauthenticated attacker to download arbitrary files, due to insufficient restriction of URL parameters. A successful exploit could allow access to sensitive information...

7.7AI score0.006EPSS
Exploits0References2
osv
osv
added 2021/08/13 4:15 p.m.5 views

CVE-2021-3352

The Software Development Kit in Mitel MiContact Center Business from 8.0.0.0 through 8.1.4.1 and 9.0.0.0 through 9.3.1.0 could allow an unauthenticated attacker to access view and modify user data without authorization due to improper handling of tokens...

9.1CVSS7.3AI score0.0104EPSS
Exploits0References2
nvd
nvd
added 2021/08/13 4:15 p.m.23 views

CVE-2021-3352

The Software Development Kit in Mitel MiContact Center Business from 8.0.0.0 through 8.1.4.1 and 9.0.0.0 through 9.3.1.0 could allow an unauthenticated attacker to access view and modify user data without authorization due to improper handling of tokens...

9.1CVSS0.0104EPSS
Exploits0References2
prion
prion
added 2021/08/13 4:15 p.m.14 views

Authorization

The Software Development Kit in Mitel MiContact Center Business from 8.0.0.0 through 8.1.4.1 and 9.0.0.0 through 9.3.1.0 could allow an unauthenticated attacker to access view and modify user data without authorization due to improper handling of tokens...

6.4CVSS9.1AI score0.0104EPSS
Exploits0References2Affected Software1
attackerkb
attackerkb
added 2021/08/13 4:15 p.m.3 views

CVE-2021-3352

The Software Development Kit in Mitel MiContact Center Business from 8.0.0.0 through 8.1.4.1 and 9.0.0.0 through 9.3.1.0 could allow an unauthenticated attacker to access view and modify user data without authorization due to improper handling of tokens...

9.1CVSS7.3AI score0.0104EPSS
Exploits0References3
cve
cve
added 2021/08/13 3:35 p.m.69 views

CVE-2021-3352

The Mitel MiContact Center Business Software Development Kit (SDK) is affected, specifically versions 8.0.0.0–8.1.4.1 and 9.0.0.0–9.3.1.0. The root cause is improper handling of tokens in the SDK, which can allow an unauthenticated attacker to view and modify user data without authorization. This...

9.1CVSS9.1AI score0.0104EPSS
Exploits0References2Affected Software1
cvelist
cvelist
added 2021/08/13 3:35 p.m.26 views

CVE-2021-3352

The Software Development Kit in Mitel MiContact Center Business from 8.0.0.0 through 8.1.4.1 and 9.0.0.0 through 9.3.1.0 could allow an unauthenticated attacker to access view and modify user data without authorization due to improper handling of tokens...

9.4AI score0.0104EPSS
Exploits0References2
cnnvd
cnnvd
added 2021/08/13 12:0 a.m.4 views

Mitel MiContact Center Business 安全漏洞

Mitel MiContact Center Business is an all-media contact center platform from Mitel Canada. The platform is used in customer communication and production management scenarios. A security vulnerability exists in Mitel MiContact Center Business, which is caused by the product's Software Development...

9.1CVSS8.2AI score0.0104EPSS
Exploits0References1
ncsc
ncsc
added 2021/03/30 12:0 a.m.8 views

Vulnerability fixed in Mitel MiContact Center

Mitel has fixed a vulnerability in MiContact Center. The vulnerability allows an authenticated malicious party with access to the Enterprise License Manager portal is able to obtain system data obtain. Mitel has released updates to fix the vulnerability. More information can be found on the page...

9.8CVSS6.5AI score0.02516EPSS
Exploits0
osv
osv
added 2021/03/29 8:15 p.m.3 views

CVE-2021-26714

The Enterprise License Manager portal in Mitel MiContact Center Enterprise before 9.4 could allow a user to access restricted files and folders due to insufficient access control. A successful exploit could allow an attacker to view and modify application data via Directory Traversal...

9.8CVSS5.8AI score0.02516EPSS
Exploits0References1
nvd
nvd
added 2021/03/29 8:15 p.m.17 views

CVE-2021-26714

The Enterprise License Manager portal in Mitel MiContact Center Enterprise before 9.4 could allow a user to access restricted files and folders due to insufficient access control. A successful exploit could allow an attacker to view and modify application data via Directory Traversal...

9.8CVSS0.02516EPSS
Exploits0References1
prion
prion
added 2021/03/29 8:15 p.m.20 views

Directory traversal

The Enterprise License Manager portal in Mitel MiContact Center Enterprise before 9.4 could allow a user to access restricted files and folders due to insufficient access control. A successful exploit could allow an attacker to view and modify application data via Directory Traversal...

7.5CVSS9.2AI score0.02516EPSS
Exploits0References1Affected Software1
cvelist
cvelist
added 2021/03/29 7:8 p.m.23 views

CVE-2021-26714

The Enterprise License Manager portal in Mitel MiContact Center Enterprise before 9.4 could allow a user to access restricted files and folders due to insufficient access control. A successful exploit could allow an attacker to view and modify application data via Directory Traversal...

9.5AI score0.02516EPSS
Exploits0References1
cve
cve
added 2021/03/29 7:8 p.m.63 views

CVE-2021-26714

The CVE-2021-26714 entry affects Mitel MiContact Center Enterprise’s Enterprise License Manager portal prior to version 9.4, where insufficient access control allows Directory Traversal to view/modify application data. The issue is confirmed by multiple sources (NVD entry, Red Hat advisory, and M...

9.8CVSS9.2AI score0.02516EPSS
Exploits0References1Affected Software1
nvd
nvd
added 2020/12/18 8:15 a.m.25 views

CVE-2020-24693

The Ignite portal in Mitel MiContact Center Business before 9.3.0.0 could allow a local attacker to view system information due to insufficient output sanitization...

3.3CVSS3.6AI score0.00272EPSS
Exploits0References1
osv
osv
added 2020/12/18 8:15 a.m.6 views

CVE-2020-24693

The Ignite portal in Mitel MiContact Center Business before 9.3.0.0 could allow a local attacker to view system information due to insufficient output sanitization...

3.3CVSS5.8AI score0.00272EPSS
Exploits0References1
Rows per page
Query Builder