CVE-2020-25610
https://notcve.org/view.php?id=CVE-2020-25610
The AWV component of Mitel MiCollab before 9.2 could allow an attacker to gain access to a web conference due to insufficient access control for conference codes. • https://www.mitel.com/support/security-advisories
CVE-2020-25612
https://notcve.org/view.php?id=CVE-2020-25612
The NuPoint Messenger of Mitel MiCollab before 9.2 could allow an attacker with escalated privilege to access user files due to insufficient access control. A successful exploit could potentially allow an attacker to gain access to sensitive information. • https://www.mitel.com/support/security-advisories
CVE-2020-24693
https://notcve.org/view.php?id=CVE-2020-24693
The Ignite portal in Mitel MiContact Center Business before 9.3.0.0 could allow a local attacker to view system information due to insufficient output sanitization. • https://www.mitel.com/support/security-advisories
CVE-2020-28351 – ShoreTel Conferencing 19.46.1802.0 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2020-28351
The conferencing component on Mitel ShoreTel 19.46.1802.0 devices could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack (via the PATH_INFO to index.php) due to insufficient validation for the time_zone object in the HOME_MEETING& page. ShoreTel Conferencing version 19.46.1802.0 suffers from a cross-site scripting vulnerability. • https://www.exploit-db.com/exploits/49026 https://github.com/dievus/CVE-2020-28351 http://packetstormsecurity.com/files/159987/ShoreTel-Conferencing-19.46.1802.0-Cross-Site-Scripting.html https://github.com/dievus/cve-2020-28351 https://www.mitel.com/articles/what-happened-shoretel-products • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-24595
https://notcve.org/view.php?id=CVE-2020-24595
Mitel MiCloud Management Portal before 6.1 SP5 could allow an attacker, by sending a crafted request, to retrieve sensitive information due to insufficient access control. • https://www.mitel.com/support/security-advisories https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-20-0010