
CVE-2021-32072
https://notcve.org/view.php?id=CVE-2021-32072
13 Aug 2021 — The MiCollab Client Service component in Mitel MiCollab before 9.3 could allow an attacker to get source code information (disclosing sensitive application data) due to insufficient output sanitization. A successful exploit could allow an attacker to view source code methods. • https://www.mitel.com/support/security-advisories • CWE-116: Improper Encoding or Escaping of Output

CVE-2021-32071
https://notcve.org/view.php?id=CVE-2021-32071
13 Aug 2021 — The MiCollab Client service in Mitel MiCollab before 9.3 could allow an unauthenticated user to gain system access due to improper access control. A successful exploit could allow an attacker to view and modify application data, and cause a denial of service for users. • https://www.mitel.com/support/security-advisories

CVE-2021-32070
https://notcve.org/view.php?id=CVE-2021-32070
13 Aug 2021 — The MiCollab Client Service component in Mitel MiCollab before 9.3 could allow an attacker to perform a clickjacking attack due to an insecure header response. A successful exploit could allow an attacker to modify the browser header and redirect users. • https://www.mitel.com/support/security-advisories • CWE-1021: Improper Restriction of Rendered UI Layers or Frames

CVE-2021-32068
https://notcve.org/view.php?id=CVE-2021-32068
13 Aug 2021 — The AWV and MiCollab Client Service components in Mitel MiCollab before 9.3 could allow an attacker to perform a Man-In-the-Middle attack by sending multiple session renegotiation requests, due to insufficient TLS session controls. A successful exploit could allow an attacker to modify application data and state. • https://www.mitel.com/support/security-advisories • CWE-770: Allocation of Resources Without Limits or Throttling

CVE-2021-32067
https://notcve.org/view.php?id=CVE-2021-32067
13 Aug 2021 — The MiCollab Client Service component in Mitel MiCollab before 9.3 could allow an attacker to view sensitive system information through an HTTP response due to insufficient output sanitization. • https://www.mitel.com/support/security-advisories • CWE-116: Improper Encoding or Escaping of Output

CVE-2021-27402
https://notcve.org/view.php?id=CVE-2021-27402
13 Aug 2021 — The SAS Admin portal of Mitel MiCollab before 9.2 FP2 could allow an unauthenticated attacker to access (view and modify) user data by injecting arbitrary directory paths due to improper URL validation, aka Directory Traversal. • https://www.mitel.com/support/security-advisories • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2021-27401
https://notcve.org/view.php?id=CVE-2021-27401
13 Aug 2021 — The Join Meeting page of Mitel MiCollab Web Client before 9.2 FP2 could allow an attacker to access (view and modify) user data by executing arbitrary code due to insufficient input validation, aka Cross-Site Scripting (XSS). • https://www.mitel.com/support/security-advisories • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2020-35547
https://notcve.org/view.php?id=CVE-2020-35547
29 Jan 2021 — A library index page in NuPoint Messenger in Mitel MiCollab before 9.2 FP1 could allow an unauthenticated attacker to gain access (view and modify) to user data. • https://www.mitel.com/support/security-advisories

CVE-2020-25608
https://notcve.org/view.php?id=CVE-2020-25608
18 Dec 2020 — The SAS portal of Mitel MiCollab before 9.2 could allow an attacker to access user credentials due to improper input validation, aka SQL Injection. • https://www.mitel.com/support/security-advisories • CWE-20: Improper Input Validation • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2020-25609
https://notcve.org/view.php?id=CVE-2020-25609
18 Dec 2020 — The NuPoint Messenger Portal of Mitel MiCollab before 9.2 could allow an authenticated attacker to execute arbitrary scripts due to insufficient input validation, aka XSS. A successful exploit could allow an attacker to view and modify user data. • https://www.mitel.com/support/security-advisories • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')