CVSS: 9.8 • EPSS: 76% • CPEs: 1 • EXPL: 0

21 Oct 2024 — A vulnerability in NuPoint Messenger (NPM) of Mitel MiCollab through 9.8.0.33 allows an unauthenticated attacker to conduct a SQL injection attack due to insufficient sanitization of user input. A successful exploit could allow an attacker to access sensitive information and execute arbitrary database and management operations. • https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0014 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 9.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

21 Oct 2024 — A vulnerability in the AWV (Audio, Web and Video Conferencing) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to conduct a SQL injection attack due to insufficient sanitization of user input. A successful exploit could allow an attacker to access non-sensitive user provisioning information and execute arbitrary SQL database commands. • https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-misa-2024-0028 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 8.2 • EPSS: 0% • CPEs: 1 • EXPL: 0

21 Oct 2024 — A vulnerability in the AWV (Audio, Web, and Video) Conferencing component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to perform unauthorized data-access attacks due to missing authentication mechanisms. A successful exploit could allow an attacker to access and delete sensitive information. • https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-misa-2024-0027 • CWE-306: Missing Authentication for Critical Function

CVSS: 7.2 • EPSS: 0% • CPEs: 1 • EXPL: 0

21 Oct 2024 — A vulnerability in the Suite Applications Services component of Mitel MiCollab through 9.7.1.110 could allow an authenticated attacker with administrative privileges to conduct a SQL Injection attack due to insufficient validation of user input. A successful exploit could allow an attacker to execute arbitrary database and management operations. • https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0004 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 7.2 • EPSS: 0% • CPEs: 1 • EXPL: 0

21 Oct 2024 — A vulnerability in the web conferencing component of Mitel MiCollab through 9.7.1.110 could allow an authenticated attacker with administrative privileges to conduct a SQL Injection attack due to insufficient validation of user input. A successful exploit could allow an attacker to execute arbitrary database and management operations. • https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0004 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 9.8 • EPSS: 7% • CPEs: 1 • EXPL: 0

21 Oct 2024 — A vulnerability in NuPoint Messenger (NPM) of Mitel MiCollab through 9.8.0.33 allows an unauthenticated attacker to conduct a command injection attack due to insufficient parameter sanitization. • https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0013 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVSS: 8.7 • EPSS: 0% • CPEs: 1 • EXPL: 0

21 Oct 2024 — A vulnerability in the NuPoint Messenger (NPM) component of Mitel MiCollab through version 9.8 SP1 (9.8.1.5) could allow an authenticated attacker with administrative privilege to conduct a privilege escalation attack due to the execution of a resource with unnecessary privileges. A successful exploit could allow an attacker to execute arbitrary commands with elevated privileges. • https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0023 • CWE-276: Incorrect Default Permissions

CVSS: 9.8 • EPSS: 6% • CPEs: 2 • EXPL: 0

21 Oct 2024 — A vulnerability in the Desktop Client of Mitel MiCollab through 9.7.1.110, and MiVoice Business Solution Virtual Instance (MiVB SVI) 1.0.0.25, could allow an unauthenticated attacker to conduct a command injection attack due to insufficient parameter sanitization. A successful exploit could allow an attacker to execute arbitrary scripts. • https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0015 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 5.6 • EPSS: 1% • CPEs: 2 • EXPL: 1

21 Oct 2024 — A vulnerability in the Desktop Client of Mitel MiCollab through 9.7.1.110, and MiVoice Business Solution Virtual Instance (MiVB SVI) 1.0.0.25, could allow an authenticated attacker to conduct a privilege escalation attack due to improper file validation. A successful exploit could allow an attacker to run arbitrary code with elevated privileges. • https://github.com/ewilded/CVE-2024-35315-POC • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 8.7 • EPSS: 0% • CPEs: 1 • EXPL: 0

21 Oct 2024 — A vulnerability in the Web Conferencing Component of Mitel MiCollab through 9.8.1.5 could allow an authenticated attacker to conduct a command injection attack, due to insufficient validation of user input. A successful exploit could allow an attacker to execute arbitrary commands on the system within the context of the user. • https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0022 • CWE-94: Improper Control of Generation of Code ('Code Injection')