CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-27340
https://notcve.org/view.php?id=CVE-2020-27340
18 Dec 2020 — The online help portal of Mitel MiCollab before 9.2 could allow an attacker to redirect a user to an unauthorized website by executing malicious script due to insufficient access control. El portal de ayuda en línea de Mitel MiCollab versiones anteriores a 9.2, podría permitir a un atacante redireccionar a un usuario a un sitio web no autorizado al ejecutar un script malicioso debido a un control de acceso insuficiente • https://www.mitel.com/support/security-advisories •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-25606
https://notcve.org/view.php?id=CVE-2020-25606
18 Dec 2020 — The AWV component of Mitel MiCollab before 9.2 could allow an attacker to view system information by sending arbitrary code due to improper input validation, aka XSS. El componente AWV de Mitel MiCollab versiones anteriores a 9.2, podría permitir a un atacante visualizar información del sistema mediante el envío de código arbitrario debido a una comprobación inapropiada de la entrada, también se conoce como XSS • https://www.mitel.com/support/security-advisories • CWE-20: Improper Input Validation CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-25611
https://notcve.org/view.php?id=CVE-2020-25611
18 Dec 2020 — The AWV portal of Mitel MiCollab before 9.2 could allow an attacker to gain access to conference information by sending arbitrary code due to improper input validation, aka XSS. Successful exploitation could allow an attacker to view user conference information. El portal AWV de Mitel MiCollab versiones anteriores a 9.2, podría permitir a un atacante conseguir acceso a la información de la conferencia mediante el envío de código arbitrario debido a una comprobación inapropiada de la entrada, también se cono... • https://www.mitel.com/support/security-advisories • CWE-20: Improper Input Validation CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-25610
https://notcve.org/view.php?id=CVE-2020-25610
18 Dec 2020 — The AWV component of Mitel MiCollab before 9.2 could allow an attacker to gain access to a web conference due to insufficient access control for conference codes. El componente AWV de Mitel MiCollab versiones anteriores a 9.2, podría permitir a un atacante conseguir acceso a una conferencia web debido a un control de acceso insuficiente para los códigos de conferencia • https://www.mitel.com/support/security-advisories •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2020-25612
https://notcve.org/view.php?id=CVE-2020-25612
18 Dec 2020 — The NuPoint Messenger of Mitel MiCollab before 9.2 could allow an attacker with escalated privilege to access user files due to insufficient access control. Successful exploit could potentially allow an attacker to gain access to sensitive information. El NuPoint Messenger de Mitel MiCollab versiones anteriores a 9.2, podría permitir a un atacante con una escalada de privilegios acceder a unos archivos de usuario debido a un control de acceso insuficiente. Un explotación con éxito podría potencialmente... • https://www.mitel.com/support/security-advisories •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-11797
https://notcve.org/view.php?id=CVE-2020-11797
26 Aug 2020 — An Authentication Bypass vulnerability in the Published Area of the web conferencing component of Mitel MiCollab AWV before 8.1.2.4 and 9.x before 9.1.3 could allow an unauthenticated attacker to gain access to unauthorized information due to insufficient access validation. A successful exploit could allow an attacker to access sensitive shared files. Una vulnerabilidad de Omisión de Autenticación en el Área Publicada del componente de conferencias web de Mitel MiCollab AWV versiones anteriores a 8.1.2.4 y ... • https://www.mitel.com/support/security-advisories •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2020-13767
https://notcve.org/view.php?id=CVE-2020-13767
26 Aug 2020 — The Mitel MiCollab application before 9.1.332 for iOS could allow an unauthorized user to access restricted files and folders due to insufficient access control. An exploit requires a rooted iOS device, and (if successful) could allow an attacker to gain access to sensitive information, La aplicación Mitel MiCollab versiones anteriores a 9.1.332, para iOS podría permitir a un usuario no autorizado acceder a archivos y carpetas restringidos debido a un control de acceso insuficiente. Una explotación requiere... • https://www.mitel.com/support/security-advisories •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-13863
https://notcve.org/view.php?id=CVE-2020-13863
26 Aug 2020 — The SAS portal of Mitel MiCollab before 9.1.3 could allow an attacker to access user data by performing a header injection in HTTP responses, due to the improper handling of input parameters. A successful exploit could allow an attacker to access user information. El portal SAS de Mitel MiCollab versiones anteriores a 9.1.3, podría permitir a un atacante acceder a los datos de usuario al llevar a cabo una inyección de encabezado en las respuestas HTTP, debido al manejo inapropiado de los parámetros de entra... • https://www.mitel.com/support/security-advisories • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 5.3EPSS: 85%CPEs: 2EXPL: 2CVE-2020-11798 – Mitel MiCollab AWV 8.1.2.4 and 9.1.3 - Directory Traversal and LFI
https://notcve.org/view.php?id=CVE-2020-11798
10 Jun 2020 — A Directory Traversal vulnerability in the web conference component of Mitel MiCollab AWV before 8.1.2.4 and 9.x before 9.1.3 could allow an attacker to access arbitrary files from restricted directories of the server via a crafted URL, due to insufficient access validation. A successful exploit could allow an attacker to access sensitive information from the restricted directories. Una vulnerabilidad de Salto de Directorio en el componente web conference de Mitel MiCollab AWV versiones anteriores a 8.1.2.4... • https://packetstorm.news/files/id/171751 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2019-19608
https://notcve.org/view.php?id=CVE-2019-19608
02 Mar 2020 — A SQL injection vulnerability in in the web conferencing component of Mitel MiCollab AWV before 8.1.2.2 could allow an unauthenticated attack due to insufficient input validation for the registeredList.cgi page. A successful exploit could allow an attacker to extract sensitive information from the database and execute arbitrary scripts. Una vulnerabilidad de inyección SQL en el componente web conferencing de Mitel MiCollab AWV versiones anteriores a 8.1.2.2, podría permitir un ataque no autenticado debido a... • https://www.mitel.com/support/security-advisories • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •