11 matches found
CVE-2024-35284
CVE-2024-35284 affects Mitel MiContact Center Business through version 10.0.0.4, specifically in the legacy chat component where insufficient input validation enables a reflected XSS when exploited by an unauthenticated attacker. The issue is confirmed by PT-2024-26416, which ties the vulnerabili...
CVE-2024-35283
CVE-2024-35283 affects the Mitel MiContact Center Business Ignite component. Affected software: MiContact Center Business versions through 10.0.0.4. Description in connected docs shows a vulnerability due to insufficient input validation that could allow an unauthenticated attacker to perform a s...
CVE-2020-9379
CVE-2020-9379 affects the MiContact Center Business SDK with Site Based Security versions 8.0 through 9.0.1.0 before KB496276. The description states that an authenticated user can access sensitive information, potentially exposing user conversations. The core issue appears to be access-control-r...
CVE-2024-28070
Mitel MiContact Center Business
CVE-2021-3352
The Mitel MiContact Center Business Software Development Kit (SDK) is affected, specifically versions 8.0.0.0–8.1.4.1 and 9.0.0.0–9.3.1.0. The root cause is improper handling of tokens in the SDK, which can allow an unauthenticated attacker to view and modify user data without authorization. This...
CVE-2020-24692
CVE-2020-24692 affects the Ignite portal in Mitel MiContact Center Business prior to 9.3.0.0. The issue is insufficient input validation allowing cross-site scripting (XSS), which could let an attacker execute arbitrary scripts and potentially gain access to a user session. The description and co...
CVE-2024-28069
CVE-2024-28069 concerns Mitel MiContact Center Business (legacy chat component) up to version 10.0.0.4. The vulnerability allows an unauthenticated attacker to perform information disclosure due to improper configuration, enabling access to sensitive data and potentially unauthorized actions with...
CVE-2024-42514
Summary: CVE-2024-42514 affects Mitel MiContact Center Business of the legacy chat component up to version 10.1.0.4. The root cause is inadequate access control checks that allow an unauthenticated attacker, requiring user interaction, to access sensitive information and send unauthorized message...
CVE-2023-22854
The CVE-2023-22854 entry concerns Mitel MiContact Center Business server, specifically the ccmweb component, version range 9.2.2.0 to 9.4.1.0. The root cause is insufficient restriction of URL parameters in the ccmweb component, enabling an unauthenticated attacker to download arbitrary files and...
CVE-2020-24693
The Mitel MiContact Center Business Ignite portal is affected by CVE-2020-24693, with the Ignite portal vulnerability located in the MiContact Center’s Ignite component prior to version 9.3.0.0. The root cause is insufficient output sanitization, which could allow a local attacker to view system ...
CVE-2025-67823
CVE-2025-67823 affects Mitel MiContact Center Business up to version 10.2.0.10 and Mitel CX up to 1.1.0.1. The vulnerability is in the Multimedia Email component and stems from insufficient input validation, enabling an unauthenticated attacker to perform a Cross-Site Scripting (XSS) attack. A su...