CVE-2020-24595
https://notcve.org/view.php?id=CVE-2020-24595
Mitel MiCloud Management Portal before 6.1 SP5 could allow an attacker, by sending a crafted request, to retrieve sensitive information due to insufficient access control. Mitel MiCloud Management Portal versiones anteriores a 6.1 SP5, podía permitir a un atacante, por medio del envío de una petición diseñada, recuperar información confidencial debido a un control de acceso insuficiente • https://www.mitel.com/support/security-advisories https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-20-0010 •
CVE-2020-24594
https://notcve.org/view.php?id=CVE-2020-24594
Mitel MiCloud Management Portal before 6.1 SP5 could allow an unauthenticated attacker to execute arbitrary scripts due to insufficient input validation, aka XSS. A successful exploit could allow an attacker to gain access to a user session. Mitel MiCloud Management Portal versiones anteriores a 6.1 SP5, podría permitir a un atacante no autenticado ejecutar scripts arbitrarios debido a una comprobación insuficiente de la entrada, también se conoce como una vulnerabilidad de tipo XSS. Un explotación con éxito podría permitir a un atacante conseguir acceso a una sesión de usuario • https://www.mitel.com/support/security-advisories https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-20-0010 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-24593
https://notcve.org/view.php?id=CVE-2020-24593
Mitel MiCloud Management Portal before 6.1 SP5 could allow a remote attacker to conduct a SQL Injection attack and access user credentials due to improper input validation. Mitel MiCloud Management Portal versiones anteriores a 6.1 SP5, podría permitir a un atacante remoto conducir un ataque de inyección SQL y acceder a credenciales de usuario debido a una comprobación inapropiada de la entrada • https://www.mitel.com/support/security-advisories https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-20-0010 • CWE-20: Improper Input Validation CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2020-24592
https://notcve.org/view.php?id=CVE-2020-24592
Mitel MiCloud Management Portal before 6.1 SP5 could allow an attacker, by sending a crafted request, to view system information due to insufficient output sanitization. Mitel MiCloud Management Portal versiones anteriores a 6.1 SP5, podría permitir a un atacante, por medio del envío de una petición diseñada, visualizar información del sistema debido a un saneamiento insuficiente de la salida • https://www.mitel.com/support/security-advisories https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-20-0010 • CWE-116: Improper Encoding or Escaping of Output •