Micollab Security Vulnerabilities and Issues — Micollab CVE List

Lucene search

MitelMicollab

9 matches found

CVE•added 2021/01/29 7:15 a.m.•64 views

CVE-2020-35547

A library index page in NuPoint Messenger in Mitel MiCollab before 9.2 FP1 could allow an unauthenticated attacker to gain access (view and modify) to user data.

9.1CVSS9.2AI score0.00367EPSS

CVE•added 2021/08/13 4:15 p.m.•60 views

CVE-2021-32070

The MiCollab Client Service component in Mitel MiCollab before 9.3 could allow an attacker to perform a clickjacking attack due to an insecure header response. A successful exploit could allow an attacker to modify the browser header and redirect users.

5.8CVSS5.3AI score0.00171EPSS

CVE•added 2021/08/13 4:15 p.m.•56 views

CVE-2021-32068

The AWV and MiCollab Client Service components in Mitel MiCollab before 9.3 could allow an attacker to perform a Man-In-the-Middle attack by sending multiple session renegotiation requests, due to insufficient TLS session controls. A successful exploit could allow an attacker to modify application ...

4.3CVSS4.2AI score0.00189EPSS

CVE•added 2021/08/13 4:15 p.m.•56 views

CVE-2021-32072

The MiCollab Client Service component in Mitel MiCollab before 9.3 could allow an attacker to get source code information (disclosing sensitive application data) due to insufficient output sanitization. A successful exploit could allow an attacker to view source code methods.

6.5CVSS6.2AI score0.00256EPSS

CVE•added 2021/08/13 4:15 p.m.•53 views

CVE-2021-27401

The Join Meeting page of Mitel MiCollab Web Client before 9.2 FP2 could allow an attacker to access (view and modify) user data by executing arbitrary code due to insufficient input validation, aka Cross-Site Scripting (XSS).

6.1CVSS6.2AI score0.00458EPSS

CVE•added 2021/08/13 4:15 p.m.•52 views

CVE-2021-32067

The MiCollab Client Service component in Mitel MiCollab before 9.3 could allow an attacker to view sensitive system information through an HTTP response due to insufficient output sanitization.

6.5CVSS6.2AI score0.002EPSS

CVE•added 2021/08/13 4:15 p.m.•52 views

CVE-2021-32069

The AWV component of Mitel MiCollab before 9.3 could allow an attacker to perform a Man-In-the-Middle attack due to improper TLS negotiation. A successful exploit could allow an attacker to view and modify data.

5.8CVSS5AI score0.00162EPSS

CVE•added 2021/08/13 4:15 p.m.•50 views

CVE-2021-32071

The MiCollab Client service in Mitel MiCollab before 9.3 could allow an unauthenticated user to gain system access due to improper access control. A successful exploit could allow an attacker to view and modify application data, and cause a denial of service for users.

9.8CVSS9.2AI score0.00561EPSS

CVE•added 2021/08/13 4:15 p.m.•46 views

CVE-2021-27402

The SAS Admin portal of Mitel MiCollab before 9.2 FP2 could allow an unauthenticated attacker to access (view and modify) user data by injecting arbitrary directory paths due to improper URL validation, aka Directory Traversal.

6.5CVSS6.5AI score0.00304EPSS