CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-42514
https://notcve.org/view.php?id=CVE-2024-42514
01 Oct 2024 — A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.1.0.4 could allow an unauthenticated attacker to conduct an unauthorized access attack due to inadequate access control checks. A successful exploit could allow an attacker to access sensitive information and send unauthorized messages. A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.1.0.4 could allow an unauthenticated attacker to conduct an unauthorized access attack due to... • https://www.mitel.com/support/security-advisories • CWE-284: Improper Access Control •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-28069
https://notcve.org/view.php?id=CVE-2024-28069
16 Mar 2024 — A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.0.0.4 could allow an unauthenticated attacker to conduct an information disclosure attack due to improper configuration. A successful exploit could allow an attacker to access sensitive information and potentially conduct unauthorized actions within the vulnerable component. Una vulnerabilidad en el componente de chat heredado de Mitel MiContact Center Business hasta la versión 10.0.0.4 podría permitir que un atacante... • https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0001 • CWE-922: Insecure Storage of Sensitive Information •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-22854
https://notcve.org/view.php?id=CVE-2023-22854
13 Feb 2023 — The ccmweb component of Mitel MiContact Center Business server 9.2.2.0 through 9.4.1.0 could allow an unauthenticated attacker to download arbitrary files, due to insufficient restriction of URL parameters. A successful exploit could allow access to sensitive information. • https://www.mitel.com/support/security-advisories • CWE-839: Numeric Range Comparison Without Minimum Check •
CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0CVE-2021-3352
https://notcve.org/view.php?id=CVE-2021-3352
13 Aug 2021 — The Software Development Kit in Mitel MiContact Center Business from 8.0.0.0 through 8.1.4.1 and 9.0.0.0 through 9.3.1.0 could allow an unauthenticated attacker to access (view and modify) user data without authorization due to improper handling of tokens. El kit de Desarrollo de Software de Mitel MiContact Center Business desde versiones 8.0.0.0 hasta 8.1.4.1 y versiones 9.0.0.0 hasta 9.3.1.0, podría permitir a un atacante no autenticado acceder (visualizar y modificar) los datos de usuarios sin autorizaci... • https://www.mitel.com/support/security-advisories •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-24693
https://notcve.org/view.php?id=CVE-2020-24693
18 Dec 2020 — The Ignite portal in Mitel MiContact Center Business before 9.3.0.0 could allow a local attacker to view system information due to insufficient output sanitization. El portal Ignite en Mitel MiContact Center Business versiones anteriores a 9.3.0.0, podría permitir a un atacante local visualizar información del sistema debido a un saneamiento de salida insuficiente • https://www.mitel.com/support/security-advisories •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-24692
https://notcve.org/view.php?id=CVE-2020-24692
25 Sep 2020 — The Ignite portal in Mitel MiContact Center Business before 9.3.0.0 could allow an attacker to execute arbitrary scripts due to insufficient input validation, aka XSS. A successful exploit could allow an attacker to gain access to a user session. El portal Ignite en Mitel MiContact Center Business versiones anteriores a 9.3.0.0, podría permitir a un atacante ejecutar scripts arbitrarios debido a una comprobación insuficiente de la entrada, también se conoce como una vulnerabilidad de tipo XSS. Una expl... • https://www.mitel.com/support/security-advisories • CWE-20: Improper Input Validation CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-9379
https://notcve.org/view.php?id=CVE-2020-9379
25 Feb 2020 — The Software Development Kit of the MiContact Center Business with Site Based Security 8.0 through 9.0.1.0 before KB496276 allows an authenticated user to access sensitive information. A successful exploit could allow unauthorized access to user conversations. El Kit Software Development del MiContact Center Business con Site Based Security versiones 8.0 hasta 9.0.1.0 anteriores a KB496276, permite a un usuario autenticado acceder a información confidencial. Una explotación con éxito podría permitir el acce... • https://www.mitel.com/support/security-advisories •