CVE-2019-19371
https://notcve.org/view.php?id=CVE-2019-19371
A cross-site scripting (XSS) vulnerability in the web conferencing component of Mitel MiCollab AWV before 8.1.2.2 could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation in the join meeting interface. A successful exploit could allow an attacker to execute arbitrary scripts. • https://www.mitel.com/support/security-advisories https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-19-0007 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-19370
https://notcve.org/view.php?id=CVE-2019-19370
A cross-site scripting (XSS) vulnerability in the web conferencing component of the Mitel MiCollab application before 9.0.15 for Android could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation in the file upload interface. A successful exploit could allow an attacker to execute arbitrary scripts. • https://www.mitel.com/support/security-advisories https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-19-0008 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-18863
https://notcve.org/view.php?id=CVE-2019-18863
A key length vulnerability in the implementation of the SRTP 128-bit key on Mitel 6800 and 6900 SIP series phones, versions 5.1.0.2051 SP2 and earlier, could allow an attacker to launch a man-in-the-middle attack when SRTP is used in a call. A successful exploit may allow the attacker to intercept sensitive information. • https://www.mitel.com/support/security-advisories https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-19-0006 • CWE-326: Inadequate Encryption Strength
CVE-2020-9379
https://notcve.org/view.php?id=CVE-2020-9379
The Software Development Kit of the MiContact Center Business with Site Based Security 8.0 through 9.0.1.0 before KB496276 allows an authenticated user to access sensitive information. A successful exploit could allow unauthorized access to user conversations. • https://www.mitel.com/support/security-advisories https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-20-0003
CVE-2019-19891
https://notcve.org/view.php?id=CVE-2019-19891
An encryption key vulnerability on Mitel SIP-DECT wireless devices 8.0 and 8.1 could allow an attacker to launch a man-in-the-middle attack. A successful exploit may allow the attacker to intercept sensitive information. • https://www.mitel.com/support/security-advisories https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-19-0009 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm