CVSS: 8.1EPSS: 0%CPEs: 4EXPL: 0CVE-2020-27640
https://notcve.org/view.php?id=CVE-2020-27640
18 Dec 2020 — The Bluetooth handset of Mitel MiVoice 6940 and 6930 MiNet phones with firmware before 1.5.3 could allow an unauthenticated attacker within Bluetooth range to pair a rogue Bluetooth device when a phone handset loses connection, due to an improper pairing mechanism. A successful exploit could allow an attacker to eavesdrop on conversations. El auricular Bluetooth de los teléfonos Mitel MiVoice 6940 y 6930 MiNet con versiones de firmware anteriores a 1.5.3, podría permitir a un atacante no autenticado dentro ... • https://www.mitel.com/support/security-advisories •
CVSS: 8.1EPSS: 0%CPEs: 24EXPL: 0CVE-2020-27639
https://notcve.org/view.php?id=CVE-2020-27639
18 Dec 2020 — The Bluetooth handset of Mitel MiVoice 6873i, 6930, and 6940 SIP phones with firmware before 5.1.0.SP6 could allow an unauthenticated attacker within Bluetooth range to pair a rogue Bluetooth device when a phone handset loses connection, due to an improper pairing mechanism. A successful exploit could allow an attacker to eavesdrop on conversations. El auricular Bluetooth de los teléfonos SIP Mitel MiVoice 6873i, 6930 y 6940 con versiones de firmware anteriores a 5.1.0.SP6, podría permitir a un atacante no ... • https://www.mitel.com/support/security-advisories •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-27154
https://notcve.org/view.php?id=CVE-2020-27154
18 Dec 2020 — The chat window of Mitel BusinessCTI Enterprise (MBC-E) Client for Windows before 6.4.11 and 7.x before 7.0.3 could allow an attacker to gain access to user information by sending arbitrary code, due to improper input validation. A successful exploit could allow an attacker to view the user information and application data. La ventana de chat del Cliente Mitel BusinessCTI Enterprise (MBC-E) para Windows versiones anteriores a 6.4.11 y versiones 7.x anteriores a 7.0.3, podría permitir a un atacante conseguir... • https://www.mitel.com/support/security-advisories • CWE-20: Improper Input Validation •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2020-25608
https://notcve.org/view.php?id=CVE-2020-25608
18 Dec 2020 — The SAS portal of Mitel MiCollab before 9.2 could allow an attacker to access user credentials due to improper input validation, aka SQL Injection. El portal SAS de Mitel MiCollab versiones anteriores a 9.2, podría permitir a un atacante acceder a unas credenciales de usuario debido a una comprobación inapropiada de la entrada, también se conoce como inyección SQL • https://www.mitel.com/support/security-advisories • CWE-20: Improper Input Validation CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2020-25609
https://notcve.org/view.php?id=CVE-2020-25609
18 Dec 2020 — The NuPoint Messenger Portal of Mitel MiCollab before 9.2 could allow an authenticated attacker to execute arbitrary scripts due to insufficient input validation, aka XSS. A successful exploit could allow an attacker to view and modify user data. El portal NuPoint Messenger de Mitel MiCollab versiones anteriores a 9.2, podría permitir a un atacante autenticado ejecutar scripts arbitrarios debido a una comprobación insuficiente de la entrada, también se conoce como XSS. Un explotación con éxito podría p... • https://www.mitel.com/support/security-advisories • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-27340
https://notcve.org/view.php?id=CVE-2020-27340
18 Dec 2020 — The online help portal of Mitel MiCollab before 9.2 could allow an attacker to redirect a user to an unauthorized website by executing malicious script due to insufficient access control. El portal de ayuda en línea de Mitel MiCollab versiones anteriores a 9.2, podría permitir a un atacante redireccionar a un usuario a un sitio web no autorizado al ejecutar un script malicioso debido a un control de acceso insuficiente • https://www.mitel.com/support/security-advisories •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-25606
https://notcve.org/view.php?id=CVE-2020-25606
18 Dec 2020 — The AWV component of Mitel MiCollab before 9.2 could allow an attacker to view system information by sending arbitrary code due to improper input validation, aka XSS. El componente AWV de Mitel MiCollab versiones anteriores a 9.2, podría permitir a un atacante visualizar información del sistema mediante el envío de código arbitrario debido a una comprobación inapropiada de la entrada, también se conoce como XSS • https://www.mitel.com/support/security-advisories • CWE-20: Improper Input Validation CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-25611
https://notcve.org/view.php?id=CVE-2020-25611
18 Dec 2020 — The AWV portal of Mitel MiCollab before 9.2 could allow an attacker to gain access to conference information by sending arbitrary code due to improper input validation, aka XSS. Successful exploitation could allow an attacker to view user conference information. El portal AWV de Mitel MiCollab versiones anteriores a 9.2, podría permitir a un atacante conseguir acceso a la información de la conferencia mediante el envío de código arbitrario debido a una comprobación inapropiada de la entrada, también se cono... • https://www.mitel.com/support/security-advisories • CWE-20: Improper Input Validation CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-25610
https://notcve.org/view.php?id=CVE-2020-25610
18 Dec 2020 — The AWV component of Mitel MiCollab before 9.2 could allow an attacker to gain access to a web conference due to insufficient access control for conference codes. El componente AWV de Mitel MiCollab versiones anteriores a 9.2, podría permitir a un atacante conseguir acceso a una conferencia web debido a un control de acceso insuficiente para los códigos de conferencia • https://www.mitel.com/support/security-advisories •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2020-25612
https://notcve.org/view.php?id=CVE-2020-25612
18 Dec 2020 — The NuPoint Messenger of Mitel MiCollab before 9.2 could allow an attacker with escalated privilege to access user files due to insufficient access control. Successful exploit could potentially allow an attacker to gain access to sensitive information. El NuPoint Messenger de Mitel MiCollab versiones anteriores a 9.2, podría permitir a un atacante con una escalada de privilegios acceder a unos archivos de usuario debido a un control de acceso insuficiente. Un explotación con éxito podría potencialmente... • https://www.mitel.com/support/security-advisories •