A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.0.0.4 could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient input validation. A successful exploit could allow an attacker to access sensitive information and gain unauthorized access.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-03-16
Updated
2024-03-17
A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.0.0.4 could allow an unauthenticated attacker to conduct an information disclosure attack due to improper configuration. A successful exploit could allow an attacker to access sensitive information and potentially conduct unauthorized actions within the vulnerable component.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-03-16
Updated
2024-03-17
An issue was discovered in Atos Unify OpenScape Xpressions WebAssistant V7 before V7R1 FR5 HF42 P911. It allows path traversal.
Max CVSS
9.8
EPSS Score
0.09%
Published
2024-02-08
Updated
2024-02-15
An issue was discovered in Atos Unify OpenScape Xpressions WebAssistant V7 before V7R1 FR5 HF42 P911. It allows authenticated remote code execution via file upload.
Max CVSS
8.8
EPSS Score
0.05%
Published
2024-02-08
Updated
2024-02-15
A Command Injection vulnerability has been identified in the MiVoice Office 400 SMB Controller through 1.2.5.23 which could allow a malicious actor to execute arbitrary commands within the context of the system.
Max CVSS
9.8
EPSS Score
0.08%
Published
2023-08-14
Updated
2023-08-21
A SQL Injection vulnerability has been identified in the MiVoice Office 400 SMB Controller through 1.2.5.23 which could allow a malicious actor to access sensitive information and execute arbitrary database and management operations.
Max CVSS
9.8
EPSS Score
0.08%
Published
2023-08-14
Updated
2023-08-21
A vulnerability in the Connect Mobility Router component of MiVoice Connect through 9.6.2304.102 could allow an authenticated attacker with elevated privileges to conduct an information disclosure attack due to improper configuration. A successful exploit could allow an attacker to view system information.
Max CVSS
4.9
EPSS Score
0.05%
Published
2023-08-25
Updated
2023-08-29
A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through R19.3 SP3 (22.24.5800.0) could allow an authenticated attacker with elevated privileges to conduct an information disclosure attack due to improper configuration. A successful exploit could allow an attacker to view system information.
Max CVSS
4.9
EPSS Score
0.05%
Published
2023-08-25
Updated
2023-08-31
A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect through 9.6.2208.101 could allow an unauthenticated attacker to conduct an account enumeration attack due to improper configuration. A successful exploit could allow an attacker to access system information.
Max CVSS
7.5
EPSS Score
0.09%
Published
2023-08-25
Updated
2023-08-31
A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect through 9.6.2304.102 could allow an authenticated attacker with elevated privileges and internal network access to conduct a command argument injection due to insufficient parameter sanitization. A successful exploit could allow an attacker to access network information and to generate excessive network traffic.
Max CVSS
5.5
EPSS Score
0.05%
Published
2023-08-25
Updated
2023-08-31
A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through 19.3 SP3 (22.24.5800.0) could allow an authenticated attacker with elevated privileges and internal network access to conduct a command argument injection due to insufficient parameter sanitization. A successful exploit could allow an attacker to access network information and to generate excessive network traffic.
Max CVSS
5.5
EPSS Score
0.05%
Published
2023-08-25
Updated
2023-08-31
A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect through 9.6.2304.102 could allow an unauthenticated attacker to perform a Cross Site Request Forgery (CSRF) attack due to insufficient request validation. A successful exploit could allow an attacker to provide a modified URL, potentially enabling them to modify system configuration settings.
Max CVSS
4.3
EPSS Score
0.05%
Published
2023-09-14
Updated
2023-09-19
A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through 19.3 SP3 (22.24.5800.0) could allow an unauthenticated attacker to perform a Cross Site Request Forgery (CSRF) attack due to insufficient request validation. A successful exploit could allow an attacker to provide a modified URL, potentially enabling them to modify system configuration settings.
Max CVSS
4.3
EPSS Score
0.05%
Published
2023-09-14
Updated
2023-09-19
The Linux DVS server component of Mitel MiVoice Connect through 19.3 SP2 (22.24.1500.0) could allow an unauthenticated attacker with internal network access to execute arbitrary scripts due to improper access control.
Max CVSS
9.8
EPSS Score
0.14%
Published
2023-08-14
Updated
2023-08-22
A vulnerability in the Connect Mobility Router component of MiVoice Connect versions 9.6.2208.101 and earlier could allow an authenticated attacker with internal network access to conduct a command injection attack due to insufficient restriction on URL parameters.
Max CVSS
7.2
EPSS Score
0.05%
Published
2023-05-24
Updated
2023-06-01
A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect versions 9.6.2208.101 and earlier could allow an unauthenticated attacker with internal network access to authenticate with administrative privileges, because the initial installation does not enforce a password change. A successful exploit could allow an attacker to make arbitrary configuration changes and execute arbitrary commands.
Max CVSS
8.8
EPSS Score
0.06%
Published
2023-05-24
Updated
2023-06-01
A vulnerability in the Edge Gateway component of Mitel MiVoice Connect versions 19.3 SP2 (22.24.1500.0) and earlier could allow an unauthenticated attacker with internal network access to authenticate with administrative privileges, because initial installation does not enforce a password change. A successful exploit could allow an attacker to make arbitrary configuration changes and execute arbitrary commands.
Max CVSS
9.8
EPSS Score
0.10%
Published
2023-05-24
Updated
2023-06-01
A vulnerability in the Headquarters server component of Mitel MiVoice Connect versions 19.3 SP2 (22.24.1500.0) and earlier could allow an unauthenticated attacker with internal network access to execute arbitrary scripts due to improper access control.
Max CVSS
9.8
EPSS Score
0.14%
Published
2023-05-24
Updated
2023-06-01
A vulnerability in the conferencing component of Mitel MiVoice Connect through 19.3 SP2, 22.24.1500.0 could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation for the test_presenter.php page. A successful exploit could allow an attacker to execute arbitrary scripts.
Max CVSS
7.4
EPSS Score
0.13%
Published
2023-05-24
Updated
2023-08-17
A vulnerability in the conferencing component of Mitel MiVoice Connect through 19.3 SP2 and 20.x, 21.x, and 22.x through 22.24.1500.0 could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation for the home.php page. A successful exploit could allow an attacker to execute arbitrary scripts.
Max CVSS
6.1
EPSS Score
0.05%
Published
2023-05-24
Updated
2023-06-01
A vulnerability in the web conferencing component of Mitel MiCollab through 9.6.2.9 could allow an unauthenticated attacker to download a shared file via a crafted request - including the exact path and filename - due to improper authentication control. A successful exploit could allow access to sensitive information.
Max CVSS
5.9
EPSS Score
0.11%
Published
2023-04-14
Updated
2023-04-24
The ccmweb component of Mitel MiContact Center Business server 9.2.2.0 through 9.4.1.0 could allow an unauthenticated attacker to download arbitrary files, due to insufficient restriction of URL parameters. A successful exploit could allow access to sensitive information.
Max CVSS
7.5
EPSS Score
0.15%
Published
2023-02-13
Updated
2023-02-23
The web conferencing component of Mitel MiCollab through 9.6.0.13 could allow an unauthenticated attacker to upload arbitrary scripts due to improper authorization controls. A successful exploit could allow remote code execution within the context of the application.
Max CVSS
9.8
EPSS Score
0.43%
Published
2022-11-22
Updated
2022-11-26

CVE-2022-41223

Known exploited
Used for ransomware
The Director database component of MiVoice Connect through 19.3 (22.22.6100.0) could allow an authenticated attacker to conduct a code-injection attack via crafted data due to insufficient restrictions on the database data type.
Max CVSS
6.8
EPSS Score
0.20%
Published
2022-11-22
Updated
2022-11-26
CISA KEV Added
2023-02-21

CVE-2022-40765

Known exploited
Used for ransomware
A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through 19.3 (22.22.6100.0) could allow an authenticated attacker with internal network access to conduct a command-injection attack, due to insufficient restriction of URL parameters.
Max CVSS
6.8
EPSS Score
0.20%
Published
2022-11-22
Updated
2022-11-26
CISA KEV Added
2023-02-21
106 vulnerabilities found
1 2 3 4 5
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!