CVSS: 3.3 | EPSS: 0% | CPEs: 1 | EXPL: 0

18 Dec 2020 — The Ignite portal in Mitel MiContact Center Business before 9.3.0.0 could allow a local attacker to view system information due to insufficient output sanitization. • https://www.mitel.com/support/security-advisories •

CVSS: 6.1 | EPSS: 18% | CPEs: 2 | EXPL: 4

09 Nov 2020 — The conferencing component on Mitel ShoreTel 19.46.1802.0 devices could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack (via the PATH_INFO to index.php) due to insufficient validation for the time_zone object in the HOME_MEETING& page. • https://packetstorm.news/files/id/159987 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.3 | EPSS: 0% | CPEs: 3 | EXPL: 0

25 Sep 2020 — Mitel MiCloud Management Portal before 6.1 SP5 could allow an attacker, by sending a crafted request, to retrieve sensitive information due to insufficient access control. • https://www.mitel.com/support/security-advisories •

CVSS: 9.6 | EPSS: 0% | CPEs: 3 | EXPL: 0

25 Sep 2020 — Mitel MiCloud Management Portal before 6.1 SP5 could allow an unauthenticated attacker to execute arbitrary scripts due to insufficient input validation, aka XSS. A successful exploit could allow an attacker to gain access to a user session. • https://www.mitel.com/support/security-advisories • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.2 | EPSS: 0% | CPEs: 3 | EXPL: 0

25 Sep 2020 — Mitel MiCloud Management Portal before 6.1 SP5 could allow a remote attacker to conduct a SQL Injection attack and access user credentials due to improper input validation. • https://www.mitel.com/support/security-advisories • CWE-20: Improper Input Validation • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 5.3 | EPSS: 0% | CPEs: 3 | EXPL: 0

25 Sep 2020 — Mitel MiCloud Management Portal before 6.1 SP5 could allow an attacker, by sending a crafted request, to view system information due to insufficient output sanitization. • https://www.mitel.com/support/security-advisories • CWE-116: Improper Encoding or Escaping of Output •

CVSS: 7.1 | EPSS: 0% | CPEs: 1 | EXPL: 0

25 Sep 2020 — The Ignite portal in Mitel MiContact Center Business before 9.3.0.0 could allow an attacker to execute arbitrary scripts due to insufficient input validation, aka XSS. A successful exploit could allow an attacker to gain access to a user session. • https://www.mitel.com/support/security-advisories • CWE-20: Improper Input Validation • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5 | EPSS: 0% | CPEs: 2 | EXPL: 0

26 Aug 2020 — An Authentication Bypass vulnerability in the Published Area of the web conferencing component of Mitel MiCollab AWV before 8.1.2.4 and 9.x before 9.1.3 could allow an unauthenticated attacker to gain access to unauthorized information due to insufficient access validation. A successful exploit could allow an attacker to access sensitive shared files. • https://www.mitel.com/support/security-advisories •

CVSS: 8.8 | EPSS: 1% | CPEs: 1 | EXPL: 0

26 Aug 2020 — A remote code execution vulnerability in Mitel MiVoice Connect Client before 214.100.1223.0 could allow an attacker to execute arbitrary code in the chat notification window, due to improper rendering of chat messages. A successful exploit could allow an attacker to steal session cookies, perform directory traversal, and execute arbitrary scripts in the context of the Connect client. • https://www.mitel.com/support/security-advisories • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 7.5 | EPSS: 0% | CPEs: 77 | EXPL: 0

26 Aug 2020 — The Web UI component of Mitel MiVoice 6800 and 6900 series SIP Phones with firmware before 5.1.0.SP5 could allow an unauthenticated attacker to expose sensitive information due to improper memory handling during failed login attempts. • https://www.mitel.com/support/security-advisories • CWE-307: Improper Restriction of Excessive Authentication Attempts •