CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-28815
https://notcve.org/view.php?id=CVE-2024-28815
27 Mar 2024 — A vulnerability in the BluStar component of Mitel InAttend 2.6 SP4 through 2.7 and CMG 8.5 SP4 through 8.6 could allow access to sensitive information, changes to the system configuration, or execution of arbitrary commands within the context of the system. Una vulnerabilidad en el componente BluStar de Mitel InAttend 2.6 SP4 a 2.7 y CMG 8.5 SP4 a 8.6 podría permitir el acceso a información confidencial, cambios en la configuración del sistema o la ejecución de comandos arbitrarios dentro del contexto del s... • https://cwe.mitre.org/data/definitions/1188.html • CWE-1188: Initialization of a Resource with an Insecure Default •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2018-18285
https://notcve.org/view.php?id=CVE-2018-18285
25 Apr 2019 — SQL injection vulnerabilities in CMG Suite 8.4 SP2 and earlier, could allow an unauthenticated attacker to conduct an SQL injection attack due to insufficient input validation for the login interface. A successful exploit could allow an attacker to extract sensitive information from the database and execute arbitrary scripts. Vulnerabilidades de inyección SQL en CMG Suite 8.4 SP2 y versiones anteriores, podrían permitir a un atacante no autenticado realizar un ataque de inyección SQL debido a una validación... • https://www.mitel.com/-/media/mitel/pdf/security-advisories/security-bulletin-19-0003-001.pdf • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2018-18286
https://notcve.org/view.php?id=CVE-2018-18286
25 Apr 2019 — SQL injection vulnerabilities in CMG Suite 8.4 SP2 and earlier, could allow an unauthenticated attacker to conduct an SQL injection attack due to insufficient input validation for the changepwd interface. A successful exploit could allow an attacker to extract sensitive information from the database and execute arbitrary scripts. Las vulnerabilidades de inyección de SQL en CMG Suite versión 8.4 SP2 y versiones anteriores podrían permitir que un atacante no autenticado realizara un ataque de inyección SQL de... • https://www.mitel.com/-/media/mitel/pdf/security-advisories/security-bulletin-19-0003-001.pdf • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 3%CPEs: 7EXPL: 0CVE-2018-19275
https://notcve.org/view.php?id=CVE-2018-19275
02 Apr 2019 — The BluStar component in Mitel InAttend before 2.5 SP3 and CMG before 8.4 SP3 Suite Servers has a default password, which could allow remote attackers to gain unauthorized access and execute arbitrary scripts with potential impacts to the confidentiality, integrity and availability of the system. El componente BluStar en InAttend de Mittel, en versiones anteriores a las 2.5 SP3; y en versiones de CMG de Mittel anteriores a la 8.4 SP3 Suite Servers, tiene una contraseña por defecto que podría permitir a los ... • https://www.mitel.com/-/media/mitel/pdf/security-advisories/security-bulletin-190002001-v10.pdf • CWE-1188: Initialization of a Resource with an Insecure Default •