4 results (0.024 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

The ccmweb component of Mitel MiContact Center Business server 9.2.2.0 through 9.4.1.0 could allow an unauthenticated attacker to download arbitrary files, due to insufficient restriction of URL parameters. A successful exploit could allow access to sensitive information. • https://www.mitel.com/support/security-advisories https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-23-0001 •

CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0

The Software Development Kit in Mitel MiContact Center Business from 8.0.0.0 through 8.1.4.1 and 9.0.0.0 through 9.3.1.0 could allow an unauthenticated attacker to access (view and modify) user data without authorization due to improper handling of tokens. El kit de Desarrollo de Software de Mitel MiContact Center Business desde versiones 8.0.0.0 hasta 8.1.4.1 y versiones 9.0.0.0 hasta 9.3.1.0, podría permitir a un atacante no autenticado acceder (visualizar y modificar) los datos de usuarios sin autorización debido a un manejo inapropiado de los tokens. • https://www.mitel.com/support/security-advisories https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-21-0002 •

CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0

The Ignite portal in Mitel MiContact Center Business before 9.3.0.0 could allow a local attacker to view system information due to insufficient output sanitization. El portal Ignite en Mitel MiContact Center Business versiones anteriores a 9.3.0.0, podría permitir a un atacante local visualizar información del sistema debido a un saneamiento de salida insuficiente • https://www.mitel.com/support/security-advisories •

CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0

The Ignite portal in Mitel MiContact Center Business before 9.3.0.0 could allow an attacker to execute arbitrary scripts due to insufficient input validation, aka XSS. A successful exploit could allow an attacker to gain access to a user session. El portal Ignite en Mitel MiContact Center Business versiones anteriores a 9.3.0.0, podría permitir a un atacante ejecutar scripts arbitrarios debido a una comprobación insuficiente de la entrada, también se conoce como una vulnerabilidad de tipo XSS. Una explotación con éxito podría permitir a un atacante conseguir acceso a una sesión de usuario • https://www.mitel.com/support/security-advisories https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-20-0011 • CWE-20: Improper Input Validation CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •