CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-32072
https://notcve.org/view.php?id=CVE-2021-32072
13 Aug 2021 — The MiCollab Client Service component in Mitel MiCollab before 9.3 could allow an attacker to get source code information (disclosing sensitive application data) due to insufficient output sanitization. A successful exploit could allow an attacker to view source code methods. El componente MiCollab Client Service en Mitel MiCollab versiones anteriores a 9.3, podría permitir a un atacante conseguir información del código fuente (divulgando datos confidenciales de la aplicación) debido a una insuficiente sane... • https://www.mitel.com/support/security-advisories • CWE-116: Improper Encoding or Escaping of Output •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-32071
https://notcve.org/view.php?id=CVE-2021-32071
13 Aug 2021 — The MiCollab Client service in Mitel MiCollab before 9.3 could allow an unauthenticated user to gain system access due to improper access control. A successful exploit could allow an attacker to view and modify application data, and cause a denial of service for users. El servicio MiCollab Client de Mitel MiCollab versiones anteriores a 9.3, podría permitir a un usuario no autenticado conseguir acceso al sistema debido a un control de acceso inapropiado. Una explotación con éxito podría permitir a un atacan... • https://www.mitel.com/support/security-advisories •
CVSS: 5.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-32070
https://notcve.org/view.php?id=CVE-2021-32070
13 Aug 2021 — The MiCollab Client Service component in Mitel MiCollab before 9.3 could allow an attacker to perform a clickjacking attack due to an insecure header response. A successful exploit could allow an attacker to modify the browser header and redirect users. El componente MiCollab Client Service en Mitel MiCollab versiones anteriores a 9.3, podría permitir a un atacante llevar a cabo un ataque de clickjacking debido a una respuesta de encabezado no segura. Una explotación con éxito podría permitir a un atacante ... • https://www.mitel.com/support/security-advisories • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2021-32068
https://notcve.org/view.php?id=CVE-2021-32068
13 Aug 2021 — The AWV and MiCollab Client Service components in Mitel MiCollab before 9.3 could allow an attacker to perform a Man-In-the-Middle attack by sending multiple session renegotiation requests, due to insufficient TLS session controls. A successful exploit could allow an attacker to modify application data and state. Los componentes AWV y MiCollab Client Service de Mitel MiCollab versiones anteriores a 9.3, podrían permitir a un atacante llevar a cabo un ataque de tipo Man-In-the-Middle mediante el envío de múl... • https://www.mitel.com/support/security-advisories • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-32067
https://notcve.org/view.php?id=CVE-2021-32067
13 Aug 2021 — The MiCollab Client Service component in Mitel MiCollab before 9.3 could allow an attacker to view sensitive system information through an HTTP response due to insufficient output sanitization. El componente MiCollab Client Service en Mitel MiCollab versiones anteriores a 9.3, podría permitir a un atacante visualizar información confidencial del sistema mediante una respuesta HTTP debido a un insuficiente saneo de la salida. • https://www.mitel.com/support/security-advisories • CWE-116: Improper Encoding or Escaping of Output •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-27402
https://notcve.org/view.php?id=CVE-2021-27402
13 Aug 2021 — The SAS Admin portal of Mitel MiCollab before 9.2 FP2 could allow an unauthenticated attacker to access (view and modify) user data by injecting arbitrary directory paths due to improper URL validation, aka Directory Traversal. El portal SAS Admin de Mitel MiCollab versiones anteriores a 9.2 FP2, podría permitir a un atacante no autenticado acceder (visualizar y modificar) los datos de los usuarios inyectando rutas de directorio arbitrarias debido a una comprobación inapropiada de la URL, también se conoce ... • https://www.mitel.com/support/security-advisories • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2021-27401
https://notcve.org/view.php?id=CVE-2021-27401
13 Aug 2021 — The Join Meeting page of Mitel MiCollab Web Client before 9.2 FP2 could allow an attacker to access (view and modify) user data by executing arbitrary code due to insufficient input validation, aka Cross-Site Scripting (XSS). La página Join Meeting de Mitel MiCollab Web Client versiones anteriores a 9.2 FP2, podría permitir a un atacante acceder (visualizar y modificar) datos del usuario mediante una ejecución de código arbitrario debido a una comprobación insuficiente de entrada, también se conoce como Cro... • https://www.mitel.com/support/security-advisories • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 1CVE-2021-26714 – Gentoo Linux Security Advisory 202412-03
https://notcve.org/view.php?id=CVE-2021-26714
19 Feb 2021 — The Enterprise License Manager portal in Mitel MiContact Center Enterprise before 9.4 could allow a user to access restricted files and folders due to insufficient access control. A successful exploit could allow an attacker to view and modify application data via Directory Traversal. El portal Enterprise License Manager en Mitel MiContact Center Enterprise versiones anteriores a 9.4, podría permitir a un usuario acceder a archivos y carpetas restringidos debido a un control insuficiente de acceso. Un ... • https://github.com/PwCNO-CTO/CVE-2021-26714 •
CVSS: 8.0EPSS: 0%CPEs: 2EXPL: 0CVE-2021-3176
https://notcve.org/view.php?id=CVE-2021-3176
29 Jan 2021 — The chat window of the Mitel BusinessCTI Enterprise (MBC-E) Client for Windows before 6.4.15 and 7.x before 7.1.2 could allow an attacker to gain access to user information by sending certain code, due to improper input validation of http links. A successful exploit could allow an attacker to view user information and application data. La ventana de chat de Mitel BusinessCTI Enterprise (MBC-E) Client para Windows versiones anteriores a 6.4.15 y versiones 7.x anteriores a 7.1.2, podría permitir a un atacante... • https://www.mitel.com/support/security-advisories • CWE-20: Improper Input Validation •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-35547
https://notcve.org/view.php?id=CVE-2020-35547
29 Jan 2021 — A library index page in NuPoint Messenger in Mitel MiCollab before 9.2 FP1 could allow an unauthenticated attacker to gain access (view and modify) to user data. Una página de índice de biblioteca en NuPoint Messenger en Mitel MiCollab versiones anteriores a 9.2 FP1, podría permitir a un atacante no autenticado conseguir acceso (visualizar y modificar) a los datos del usuario • https://www.mitel.com/support/security-advisories •