Micollab Security Vulnerabilities and Issues — Micollab CVE List

Lucene search

MitelMicollab

10 matches found

CVE•added 2022/03/10 5:47 p.m.•1079 views

CVE-2022-26143

The TP-240 (aka tp240dvr) component in Mitel MiCollab before 9.4 SP1 FP1 and MiVoice Business Express through 8.1 allows remote attackers to obtain sensitive information and cause a denial of service (performance degradation and excessive outbound traffic). This was exploited in the wild in Februar...

9.8CVSS9.1AI score0.6477EPSS

In wild

CVE•added 2024/10/21 9:15 p.m.•229 views

CVE-2024-41713

A vulnerability in the NuPoint Unified Messaging (NPM) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to conduct a path traversal attack, due to insufficient input validation. A successful exploit could allow unauthorized access, enabling the att...

9.1CVSS7.2AI score0.93914EPSS

In wild

CVE•added 2024/10/21 9:15 p.m.•124 views

CVE-2024-35286

A vulnerability in NuPoint Messenger (NPM) of Mitel MiCollab through 9.8.0.33 allows an unauthenticated attacker to conduct a SQL injection attack due to insufficient sanitization of user input. A successful exploit could allow an attacker to access sensitive information and execute arbitrary datab...

9.8CVSS7.9AI score0.7232EPSS

CVE•added 2024/10/21 9:15 p.m.•72 views

CVE-2024-35314

A vulnerability in the Desktop Client of Mitel MiCollab through 9.7.1.110, and MiVoice Business Solution Virtual Instance (MiVB SVI) 1.0.0.25, could allow an unauthenticated attacker to conduct a command injection attack due to insufficient parameter sanitization. A successful exploit requires user...

9.8CVSS9.8AI score0.07014EPSS

CVE•added 2021/01/29 7:15 a.m.•65 views

CVE-2020-35547

A library index page in NuPoint Messenger in Mitel MiCollab before 9.2 FP1 could allow an unauthenticated attacker to gain access (view and modify) to user data.

9.1CVSS9.2AI score0.00367EPSS

CVE•added 2022/10/25 7:15 p.m.•64 views

CVE-2022-36452

A vulnerability in the web conferencing component of Mitel MiCollab through 9.5.0.101 could allow an unauthenticated attacker to upload malicious files. A successful exploit could allow an attacker to execute arbitrary code within the context of the application.

9.8CVSS9.6AI score0.01899EPSS

CVE•added 2022/11/22 1:15 a.m.•54 views

CVE-2022-41326

The web conferencing component of Mitel MiCollab through 9.6.0.13 could allow an unauthenticated attacker to upload arbitrary scripts due to improper authorization controls. A successful exploit could allow remote code execution within the context of the application.

9.8CVSS9.8AI score0.03003EPSS

CVE•added 2021/08/13 4:15 p.m.•52 views

CVE-2021-32071

The MiCollab Client service in Mitel MiCollab before 9.3 could allow an unauthenticated user to gain system access due to improper access control. A successful exploit could allow an attacker to view and modify application data, and cause a denial of service for users.

9.8CVSS9.2AI score0.00561EPSS

CVE•added 2024/10/21 9:15 p.m.•45 views

CVE-2024-35285

A vulnerability in NuPoint Messenger (NPM) of Mitel MiCollab through 9.8.0.33 allows an unauthenticated attacker to conduct a command injection attack due to insufficient parameter sanitization.

9.8CVSS7.5AI score0.04279EPSS

CVE•added 2024/10/21 8:15 p.m.•42 views

CVE-2024-47223

A vulnerability in the AWV (Audio, Web and Video Conferencing) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to conduct a SQL injection attack due to insufficient sanitization of user input. A successful exploit could allow an attacker to access...

9.4CVSS8.2AI score0.00778EPSS