Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
316 vulnerabilities by mitel
CERTFR-2026-AVI-0770
Vulnerability from certfr_avis - Published: 2026-06-18 - Updated: 2026-06-18
De multiples vulnérabilités ont été découvertes dans les produits Mitel. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Mitel | MiCollab | MiCollab versions 9.8.x antérieures à 9.8 SP3 FP2 (9.8.3.203) | ||
| Mitel | MiCollab | MiCollab versions 10.2.x antérieures à 10.2 SP1 FP2 (10.2.1.205) | ||
| Mitel | MiVoice | MiVoice Business Solution Virtual Instance (MiVB SVI) versions 2.x antérieures à 2.1.0.9-4 | ||
| Mitel | MiVoice | MiVoice Business Solution Virtual Instance (MiVB SVI) versions 1.0 sans les derniers correctifs de sécurité |
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "MiCollab versions 9.8.x ant\u00e9rieures \u00e0 9.8 SP3 FP2 (9.8.3.203)",
"product": {
"name": "MiCollab",
"vendor": {
"name": "Mitel",
"scada": false
}
}
},
{
"description": "MiCollab versions 10.2.x ant\u00e9rieures \u00e0 10.2 SP1 FP2 (10.2.1.205)",
"product": {
"name": "MiCollab",
"vendor": {
"name": "Mitel",
"scada": false
}
}
},
{
"description": "MiVoice Business Solution Virtual Instance (MiVB SVI) versions 2.x ant\u00e9rieures \u00e0 2.1.0.9-4",
"product": {
"name": "MiVoice",
"vendor": {
"name": "Mitel",
"scada": false
}
}
},
{
"description": "MiVoice Business Solution Virtual Instance (MiVB SVI) versions 1.0 sans les derniers correctifs de s\u00e9curit\u00e9",
"product": {
"name": "MiVoice",
"vendor": {
"name": "Mitel",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [],
"initial_release_date": "2026-06-18T00:00:00",
"last_revision_date": "2026-06-18T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0770",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-06-18T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Injection SQL (SQLi)"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Mitel. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Mitel",
"vendor_advisories": [
{
"published_at": "2026-06-17",
"title": "Bulletin de s\u00e9curit\u00e9 Mitel MISA-2026-0005",
"url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-misa-2026-0005"
}
]
}
CERTFR-2026-AVI-0672
Vulnerability from certfr_avis - Published: 2026-06-01 - Updated: 2026-06-01
De multiples vulnérabilités ont été découvertes dans les produits Mitel. Elles permettent à un attaquant de provoquer une élévation de privilèges.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Mitel | MiVoice Business | MiVoice Business toutes versions 10.3.x | ||
| Mitel | Mitel Open Integration Gateway | Mitel Open Integration Gateway toutes versions 4.3.x | ||
| Mitel | OpenScape SBC | OpenScape SBC version V10.3 sans le correctif de sécurité KB000127880 | ||
| Mitel | OpenScape Branch | OpenScape Branch version V10.3 sans le correctif de sécurité KB000127880 | ||
| Mitel | Mitel SIP DECT | Mitel SIP DECT toutes versions 10.x sans le correctif de sécurité KB000127880 | ||
| Mitel | OpenScape Xpert Clients 6010P | OpenScape Xpert Clients 6010P version V7 sans le correctif de sécurité KB000127880 | ||
| Mitel | Mitel Standard Linux | Mitel Standard Linux toutes versions 12.x | ||
| Mitel | MiVoice Business | MiVoice Business toutes versions 10.1.x | ||
| Mitel | MiVoice MX-ONE | MiVoice MX-ONE toutes versions 8.x sans le correctif de sécurité KB000127880 | ||
| Mitel | OpenScape Voice Server | OpenScape Voice Server version V10 sans le correctif de sécurité KB000127880 | ||
| Mitel | MiVoice MX-ONE | MiVoice MX-ONE toutes versions 7.3 à 7.8 sans le correctif de sécurité KB000127880 | ||
| Mitel | MiCollab | MiCollab toutes versions 10.x sans le correctif de sécurité KB000127880 | ||
| Mitel | OpenScape Voice Server | OpenScape Voice Server version V9R3 JITC sans le correctif de sécurité KB000127880 | ||
| Mitel | OpenScape 4000 | OpenScape 4000 version V11 R0.22 sans le correctif de sécurité KB000127880 | ||
| Mitel | OpenScape 4000 | OpenScape 4000 toutes versions V10 R1.x sans le correctif de sécurité KB000127880 | ||
| Mitel | OpenScape Xpert Clients 6010P | OpenScape Xpert Clients 6010P version V8 sans le correctif de sécurité KB000127880 | ||
| Mitel | OpenScape SBC | OpenScape SBC toutes versions V11.x sans le correctif de sécurité KB000127880 | ||
| Mitel | MiVoice Business | MiVoice Business toutes versions 10.4.x | ||
| Mitel | OpenScape Contact Media Service (used by Mitel CX and OpenScape Contact Center) | OpenScape Contact Media Service (used by Mitel CXand OpenScape Contact Center) toutes versions V12Rx sans le correctif de sécurité KB000127880 | ||
| Mitel | MiVoice 5000 | MiVoice 5000 toutes versions 8.x sans le correctif de sécurité KB000127880 | ||
| Mitel | MiVoice Business | MiVoice Business toutes versions 10.2.x | ||
| Mitel | OpenScape Voice Server | OpenScape Voice Server version V11 sans le correctif de sécurité KB000127880 | ||
| Mitel | Mitel Performance Analytics | Mitel Performance Analytics toutes versions 3.6x sans le correctif de sécurité KB000127880 | ||
| Mitel | MiVoice Business Solution Virtual Instance | MiVoice Business Solution Virtual Instance toutes versions 2.x | ||
| Mitel | OpenScape 4000 | OpenScape 4000 version V11 R1.26 sans le correctif de sécurité KB000127880 | ||
| Mitel | MiVoice Business | MiVoice Business toutes versions 10.5.x | ||
| Mitel | MiCloud Management Portal | MiCloud Management Portal toutes versions 6.3.x | ||
| Mitel | MiVoice Border Gateway | MiVoice Border Gateway toutes versions 12.x | ||
| Mitel | MiVoice Border Gateway | MiVoice Border Gateway toutes versions 11.6.x | ||
| Mitel | OpenScape Branch | OpenScape Branch toutes versions V11.x sans le correctif de sécurité KB000127880 |
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "MiVoice Business toutes versions 10.3.x",
"product": {
"name": "MiVoice Business",
"vendor": {
"name": "Mitel",
"scada": false
}
}
},
{
"description": "Mitel Open Integration Gateway toutes versions 4.3.x",
"product": {
"name": "Mitel Open Integration Gateway",
"vendor": {
"name": "Mitel",
"scada": false
}
}
},
{
"description": "OpenScape SBC version V10.3 sans le correctif de s\u00e9curit\u00e9 KB000127880",
"product": {
"name": "OpenScape SBC",
"vendor": {
"name": "Mitel",
"scada": false
}
}
},
{
"description": "OpenScape Branch version V10.3 sans le correctif de s\u00e9curit\u00e9 KB000127880",
"product": {
"name": "OpenScape Branch",
"vendor": {
"name": "Mitel",
"scada": false
}
}
},
{
"description": "Mitel SIP DECT toutes versions 10.x sans le correctif de s\u00e9curit\u00e9 KB000127880",
"product": {
"name": "Mitel SIP DECT",
"vendor": {
"name": "Mitel",
"scada": false
}
}
},
{
"description": "OpenScape Xpert Clients 6010P version V7 sans le correctif de s\u00e9curit\u00e9 KB000127880",
"product": {
"name": "OpenScape Xpert Clients 6010P",
"vendor": {
"name": "Mitel",
"scada": false
}
}
},
{
"description": "Mitel Standard Linux toutes versions 12.x",
"product": {
"name": "Mitel Standard Linux",
"vendor": {
"name": "Mitel",
"scada": false
}
}
},
{
"description": "MiVoice Business toutes versions 10.1.x",
"product": {
"name": "MiVoice Business",
"vendor": {
"name": "Mitel",
"scada": false
}
}
},
{
"description": "MiVoice MX-ONE toutes versions 8.x sans le correctif de s\u00e9curit\u00e9 KB000127880",
"product": {
"name": "MiVoice MX-ONE",
"vendor": {
"name": "Mitel",
"scada": false
}
}
},
{
"description": "OpenScape Voice Server version V10 sans le correctif de s\u00e9curit\u00e9 KB000127880",
"product": {
"name": "OpenScape Voice Server",
"vendor": {
"name": "Mitel",
"scada": false
}
}
},
{
"description": "MiVoice MX-ONE toutes versions 7.3 \u00e0 7.8 sans le correctif de s\u00e9curit\u00e9 KB000127880",
"product": {
"name": "MiVoice MX-ONE",
"vendor": {
"name": "Mitel",
"scada": false
}
}
},
{
"description": "MiCollab toutes versions 10.x sans le correctif de s\u00e9curit\u00e9 KB000127880 ",
"product": {
"name": "MiCollab",
"vendor": {
"name": "Mitel",
"scada": false
}
}
},
{
"description": "OpenScape Voice Server version V9R3 JITC sans le correctif de s\u00e9curit\u00e9 KB000127880",
"product": {
"name": "OpenScape Voice Server",
"vendor": {
"name": "Mitel",
"scada": false
}
}
},
{
"description": "OpenScape 4000 version V11 R0.22 sans le correctif de s\u00e9curit\u00e9 KB000127880",
"product": {
"name": "OpenScape 4000",
"vendor": {
"name": "Mitel",
"scada": false
}
}
},
{
"description": "OpenScape 4000 toutes versions V10 R1.x sans le correctif de s\u00e9curit\u00e9 KB000127880",
"product": {
"name": "OpenScape 4000",
"vendor": {
"name": "Mitel",
"scada": false
}
}
},
{
"description": "OpenScape Xpert Clients 6010P version V8 sans le correctif de s\u00e9curit\u00e9 KB000127880",
"product": {
"name": "OpenScape Xpert Clients 6010P",
"vendor": {
"name": "Mitel",
"scada": false
}
}
},
{
"description": "OpenScape SBC toutes versions V11.x sans le correctif de s\u00e9curit\u00e9 KB000127880",
"product": {
"name": "OpenScape SBC",
"vendor": {
"name": "Mitel",
"scada": false
}
}
},
{
"description": "MiVoice Business toutes versions 10.4.x",
"product": {
"name": "MiVoice Business",
"vendor": {
"name": "Mitel",
"scada": false
}
}
},
{
"description": "OpenScape Contact Media Service (used by Mitel CXand OpenScape Contact Center) toutes versions V12Rx sans le correctif de s\u00e9curit\u00e9 KB000127880",
"product": {
"name": "OpenScape Contact Media Service (used by Mitel CX and OpenScape Contact Center)",
"vendor": {
"name": "Mitel",
"scada": false
}
}
},
{
"description": "MiVoice 5000 toutes versions 8.x sans le correctif de s\u00e9curit\u00e9 KB000127880",
"product": {
"name": "MiVoice 5000",
"vendor": {
"name": "Mitel",
"scada": false
}
}
},
{
"description": "MiVoice Business toutes versions 10.2.x",
"product": {
"name": "MiVoice Business",
"vendor": {
"name": "Mitel",
"scada": false
}
}
},
{
"description": "OpenScape Voice Server version V11 sans le correctif de s\u00e9curit\u00e9 KB000127880",
"product": {
"name": "OpenScape Voice Server",
"vendor": {
"name": "Mitel",
"scada": false
}
}
},
{
"description": "Mitel Performance Analytics toutes versions 3.6x sans le correctif de s\u00e9curit\u00e9 KB000127880",
"product": {
"name": "Mitel Performance Analytics",
"vendor": {
"name": "Mitel",
"scada": false
}
}
},
{
"description": "MiVoice Business Solution Virtual Instance toutes versions 2.x",
"product": {
"name": "MiVoice Business Solution Virtual Instance",
"vendor": {
"name": "Mitel",
"scada": false
}
}
},
{
"description": "OpenScape 4000 version V11 R1.26 sans le correctif de s\u00e9curit\u00e9 KB000127880",
"product": {
"name": "OpenScape 4000",
"vendor": {
"name": "Mitel",
"scada": false
}
}
},
{
"description": "MiVoice Business toutes versions 10.5.x",
"product": {
"name": "MiVoice Business",
"vendor": {
"name": "Mitel",
"scada": false
}
}
},
{
"description": "MiCloud Management Portal toutes versions 6.3.x",
"product": {
"name": "MiCloud Management Portal",
"vendor": {
"name": "Mitel",
"scada": false
}
}
},
{
"description": "MiVoice Border Gateway toutes versions 12.x",
"product": {
"name": "MiVoice Border Gateway",
"vendor": {
"name": "Mitel",
"scada": false
}
}
},
{
"description": "MiVoice Border Gateway toutes versions 11.6.x",
"product": {
"name": "MiVoice Border Gateway",
"vendor": {
"name": "Mitel",
"scada": false
}
}
},
{
"description": "OpenScape Branch toutes versions V11.x sans le correctif de s\u00e9curit\u00e9 KB000127880",
"product": {
"name": "OpenScape Branch",
"vendor": {
"name": "Mitel",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2026-43284",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43284"
},
{
"name": "CVE-2026-43500",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43500"
}
],
"initial_release_date": "2026-06-01T00:00:00",
"last_revision_date": "2026-06-01T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0672",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-06-01T00:00:00.000000"
}
],
"risks": [
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Mitel. Elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Mitel",
"vendor_advisories": [
{
"published_at": "2026-05-28",
"title": "Bulletin de s\u00e9curit\u00e9 Mitel MISA-2026-0004",
"url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-misa-2026-0004"
}
]
}
CERTFR-2026-AVI-0411
Vulnerability from certfr_avis - Published: 2026-04-09 - Updated: 2026-04-09
De multiples vulnérabilités ont été découvertes dans Mitel MiCollab. Elles permettent à un attaquant de provoquer une élévation de privilèges et une injection SQL (SQLi).
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "MiCollab versions 10.x sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "MiCollab",
"vendor": {
"name": "Mitel",
"scada": false
}
}
},
{
"description": "MiCollab versions 10.2.x ant\u00e9rieures \u00e0 10.2 SP1 (10.2.1.11)",
"product": {
"name": "MiCollab",
"vendor": {
"name": "Mitel",
"scada": false
}
}
},
{
"description": "MiCollab versions 9.8.x \u00e0 9.8.SP3 FP1 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "MiCollab",
"vendor": {
"name": "Mitel",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [],
"initial_release_date": "2026-04-09T00:00:00",
"last_revision_date": "2026-04-09T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0411",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-04-09T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection SQL (SQLi)"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Mitel MiCollab. Elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges et une injection SQL (SQLi).",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Mitel MiCollab",
"vendor_advisories": [
{
"published_at": "2026-04-08",
"title": "Bulletin de s\u00e9curit\u00e9 Mitel MISA-2026-0002",
"url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-misa-2026-0002"
}
]
}
CERTFR-2026-AVI-0319
Vulnerability from certfr_avis - Published: 2026-03-19 - Updated: 2026-03-19
Une vulnérabilité a été découverte dans les produits Mitel. Elle permet à un attaquant de provoquer une injection de code indirecte à distance (XSS).
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Mitel | MiContact Center Business | MiContact Center Business versions 10.2.0.11 antérieures à 10.2.0.12 | ||
| Mitel | MiContact Center Business | MiContact Center Business version 10.1.0.5 sans le correctif de sécurité KB574059 | ||
| Mitel | MiContact Center Business | MiContact Center Business version 9.5.0.3 sans le correctif de sécurité KB574061 | ||
| Mitel | MiContact Center Business | MiContact Center Business version 10.0.0.4 sans le correctif de sécurité KB574060 | ||
| Mitel | Mitel CX | MCX versions 2.x antérieures à 2.1 |
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "MiContact Center Business versions 10.2.0.11 ant\u00e9rieures \u00e0 10.2.0.12",
"product": {
"name": "MiContact Center Business",
"vendor": {
"name": "Mitel",
"scada": false
}
}
},
{
"description": "MiContact Center Business version 10.1.0.5 sans le correctif de s\u00e9curit\u00e9 KB574059",
"product": {
"name": "MiContact Center Business",
"vendor": {
"name": "Mitel",
"scada": false
}
}
},
{
"description": "MiContact Center Business version 9.5.0.3 sans le correctif de s\u00e9curit\u00e9 KB574061",
"product": {
"name": "MiContact Center Business",
"vendor": {
"name": "Mitel",
"scada": false
}
}
},
{
"description": "MiContact Center Business version 10.0.0.4 sans le correctif de s\u00e9curit\u00e9 KB574060",
"product": {
"name": "MiContact Center Business",
"vendor": {
"name": "Mitel",
"scada": false
}
}
},
{
"description": "MCX versions 2.x ant\u00e9rieures \u00e0 2.1",
"product": {
"name": "Mitel CX",
"vendor": {
"name": "Mitel",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [],
"initial_release_date": "2026-03-19T00:00:00",
"last_revision_date": "2026-03-19T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0319",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-03-19T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans les produits Mitel. Elle permet \u00e0 un attaquant de provoquer une injection de code indirecte \u00e0 distance (XSS).",
"title": "Vuln\u00e9rabilit\u00e9 dans les produits Mitel",
"vendor_advisories": [
{
"published_at": "2026-03-18",
"title": "Bulletin de s\u00e9curit\u00e9 Mitel 2026-0001",
"url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-misa-2026-0001"
}
]
}
CERTFR-2025-AVI-1097
Vulnerability from certfr_avis - Published: 2025-12-11 - Updated: 2026-01-06
Une vulnérabilité a été découverte dans les produits Mitel. Elle permet à un attaquant de provoquer une injection de code indirecte à distance (XSS).
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
L'éditeur précise que les versions correctives ne sont pas encore disponibles. Dans l'attente de leur disponibilité, il est nécessaire d'appliquer les correctifs de sécurité KB20257760, KB573971, KB573970 et KB573969 pour MiContact Center Business et KB20254739 pour Mitel CX.
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Mitel | MiContact Center Enterprise | MiContact Center Business versions antérieures à 10.0.2 FP 11 (10.2.0.11) | ||
| Mitel | Mitel CX | Mitel CX versions antérieures à MCX 2.0 |
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "MiContact Center Business versions ant\u00e9rieures \u00e0 10.0.2 FP 11 (10.2.0.11)",
"product": {
"name": "MiContact Center Enterprise",
"vendor": {
"name": "Mitel",
"scada": false
}
}
},
{
"description": "Mitel CX versions ant\u00e9rieures \u00e0 MCX 2.0",
"product": {
"name": "Mitel CX",
"vendor": {
"name": "Mitel",
"scada": false
}
}
}
],
"affected_systems_content": "L\u0027\u00e9diteur pr\u00e9cise que les versions correctives ne sont pas encore disponibles.\nDans l\u0027attente de leur disponibilit\u00e9, il est n\u00e9cessaire d\u0027appliquer les correctifs de s\u00e9curit\u00e9 KB20257760, KB573971, KB573970 et KB573969 pour MiContact Center Business et KB20254739 pour Mitel CX.",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-67823",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-67823"
}
],
"initial_release_date": "2025-12-11T00:00:00",
"last_revision_date": "2026-01-06T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-1097",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-12-11T00:00:00.000000"
},
{
"description": "Ajout de l\u0027identifiant CVE-2025-67823. L\u0027avis \u00e9diteur concerne une seule vuln\u00e9rabilit\u00e9.",
"revision_date": "2026-01-06T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans les produits Mitel. Elle permet \u00e0 un attaquant de provoquer une injection de code indirecte \u00e0 distance (XSS).",
"title": "Vuln\u00e9rabilit\u00e9 dans les produits Mitel",
"vendor_advisories": [
{
"published_at": "2025-12-09",
"title": "Bulletin de s\u00e9curit\u00e9 Mitel MISA-2025-0010",
"url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-misa-2025-0010"
}
]
}
CERTFR-2025-AVI-0618
Vulnerability from certfr_avis - Published: 2025-07-24 - Updated: 2026-01-28
De multiples vulnérabilités ont été découvertes dans les produits Mitel. Elles permettent à un attaquant de provoquer une injection SQL (SQLi) et un contournement de la politique de sécurité.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Les correctifs pour MiVoice MX-ONE version 7.3 et postérieures sont disponibles à la discrétion de Mitel.
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Mitel | MiCollab | MiCollab versions antérieures à 9.8 SP3 FP1 (9.8.3.103) | ||
| Mitel | MiVoice MX-ONE | MiVoice MX-ONE versions 7.8 sans le correctif MXO-15711_78SP0 | ||
| Mitel | MiVoice MX-ONE | MiVoice MX-ONE versions 7.8 SP1 sans le correctif MXO-15711_78SP1 | ||
| Mitel | MiCollab | MiCollab versions 10.x antérieures à 10.1 (10.1.0.10) |
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "MiCollab versions ant\u00e9rieures \u00e0 9.8 SP3 FP1 (9.8.3.103)",
"product": {
"name": "MiCollab",
"vendor": {
"name": "Mitel",
"scada": false
}
}
},
{
"description": "MiVoice MX-ONE versions 7.8 sans le correctif MXO-15711_78SP0",
"product": {
"name": "MiVoice MX-ONE",
"vendor": {
"name": "Mitel",
"scada": false
}
}
},
{
"description": "MiVoice MX-ONE versions 7.8 SP1 sans le correctif MXO-15711_78SP1",
"product": {
"name": "MiVoice MX-ONE",
"vendor": {
"name": "Mitel",
"scada": false
}
}
},
{
"description": "MiCollab versions 10.x ant\u00e9rieures \u00e0 10.1 (10.1.0.10)",
"product": {
"name": "MiCollab",
"vendor": {
"name": "Mitel",
"scada": false
}
}
}
],
"affected_systems_content": "Les correctifs pour MiVoice MX-ONE version 7.3 et post\u00e9rieures sont disponibles \u00e0 la discr\u00e9tion de Mitel.",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-52914",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52914"
},
{
"name": "CVE-2025-67822",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-67822"
}
],
"initial_release_date": "2025-07-24T00:00:00",
"last_revision_date": "2026-01-28T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0618",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-07-24T00:00:00.000000"
},
{
"description": "Ajout R\u00e9f\u00e9rence CVE CVE-2025-67822",
"revision_date": "2026-01-28T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection SQL (SQLi)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Mitel. Elles permettent \u00e0 un attaquant de provoquer une injection SQL (SQLi) et un contournement de la politique de s\u00e9curit\u00e9.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Mitel",
"vendor_advisories": [
{
"published_at": "2025-07-23",
"title": "Bulletin de s\u00e9curit\u00e9 Mitel 2025-0008",
"url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-misa-2025-0008"
},
{
"published_at": "2025-07-23",
"title": "Bulletin de s\u00e9curit\u00e9 Mitel 2025-0009",
"url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-misa-2025-0009"
}
]
}
CERTFR-2025-AVI-0503
Vulnerability from certfr_avis - Published: - Updated:
Une vulnérabilité a été découverte dans les produits Mitel. Elle permet à un attaquant de provoquer une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Mitel | MiCollab | MiCollab versions antérieures à 9.8 SP3 (9.8.3.1) | ||
| Mitel | OpenScape Accounting Management | OpenScape Accounting Management versions antérieures à V5 R1.1.4 |
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "MiCollab versions ant\u00e9rieures \u00e0 9.8 SP3 (9.8.3.1)",
"product": {
"name": "MiCollab",
"vendor": {
"name": "Mitel",
"scada": false
}
}
},
{
"description": "OpenScape Accounting Management versions ant\u00e9rieures \u00e0 V5 R1.1.4",
"product": {
"name": "OpenScape Accounting Management",
"vendor": {
"name": "Mitel",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-23092",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23092"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0503",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-06-12T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans les produits Mitel. Elle permet \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Mitel",
"vendor_advisories": [
{
"published_at": "2025-06-11",
"title": "Bulletin de s\u00e9curit\u00e9 Mitel 2025-0007",
"url": "https://www.mitel.com/support/mitel-product-security-advisory-misa-2025-0007"
},
{
"published_at": "2025-06-11",
"title": "Bulletin de s\u00e9curit\u00e9 Mitel 2025-0006",
"url": "https://www.mitel.com/support/mitel-product-security-advisory-misa-2025-0006"
}
]
}
CERTFR-2025-AVI-0431
Vulnerability from certfr_avis - Published: - Updated:
Une vulnérabilité a été découverte dans Mitel OpenScapeXpressions. Elle permet à un attaquant de provoquer une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Mitel | OpenScapeXpressions | OpenScapeXpressions versions V7R1 FR5 HF43 P913 antérieures à V7R1 FR5 HF43 P914 (WebApl-811FR5-20970 hotfix) |
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "OpenScapeXpressions versions V7R1 FR5 HF43 P913 ant\u00e9rieures \u00e0 V7R1 FR5 HF43 P914 (WebApl-811FR5-20970 hotfix)",
"product": {
"name": "OpenScapeXpressions",
"vendor": {
"name": "Mitel",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-48026",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48026"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0431",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-05-21T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Mitel OpenScapeXpressions. Elle permet \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Vuln\u00e9rabilit\u00e9 dans Mitel OpenScapeXpressions",
"vendor_advisories": [
{
"published_at": "2025-05-21",
"title": "Bulletin de s\u00e9curit\u00e9 Mitel 2025-0005",
"url": "https://www.mitel.com/support/mitel-product-security-advisory-misa-2025-0005"
}
]
}
CERTFR-2025-AVI-0388
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Mitel. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et un contournement de la politique de sécurité.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Mitel | téléphones SIP séries 6900 | téléphones SIP séries 6900 versions antérieures à R6.4.0.SP5 | ||
| Mitel | 6970 Conference Unit | 6970 Conference Unit versions antérieures à R6.4.0.SP5 | ||
| Mitel | téléphones SIP séries 6900w | téléphones SIP séries 6900w versions antérieures à R6.4.0.SP5 | ||
| Mitel | téléphones SIP séries 6800 | téléphones SIP séries 6800 versions antérieures à R6.4.0.SP5 |
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "t\u00e9l\u00e9phones SIP s\u00e9ries 6900 versions ant\u00e9rieures \u00e0 R6.4.0.SP5",
"product": {
"name": "t\u00e9l\u00e9phones SIP s\u00e9ries 6900",
"vendor": {
"name": "Mitel",
"scada": false
}
}
},
{
"description": "6970 Conference Unit versions ant\u00e9rieures \u00e0 R6.4.0.SP5",
"product": {
"name": "6970 Conference Unit",
"vendor": {
"name": "Mitel",
"scada": false
}
}
},
{
"description": "t\u00e9l\u00e9phones SIP s\u00e9ries 6900w versions ant\u00e9rieures \u00e0 R6.4.0.SP5",
"product": {
"name": "t\u00e9l\u00e9phones SIP s\u00e9ries 6900w",
"vendor": {
"name": "Mitel",
"scada": false
}
}
},
{
"description": "t\u00e9l\u00e9phones SIP s\u00e9ries 6800 versions ant\u00e9rieures \u00e0 R6.4.0.SP5",
"product": {
"name": "t\u00e9l\u00e9phones SIP s\u00e9ries 6800",
"vendor": {
"name": "Mitel",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-47187",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47187"
},
{
"name": "CVE-2025-47188",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47188"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0388",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-05-12T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Mitel. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Mitel",
"vendor_advisories": [
{
"published_at": "2025-05-06",
"title": "Bulletin de s\u00e9curit\u00e9 Mitel 2025-0004",
"url": "https://www.mitel.com/support/mitel-product-security-advisory-misa-2025-0004"
}
]
}
CERTFR-2025-AVI-0246
Vulnerability from certfr_avis - Published: - Updated:
Une vulnérabilité a été découverte dans Mitel MiContact Center Business. Elle permet à un attaquant de provoquer une injection de code indirecte à distance (XSS).
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Mitel | MiContact Center Business | MiContact Center Business versions 10.1.0.x antérieures à 10.1.0.5 sans le correctif de sécurité KB571322 | ||
| Mitel | MiContact Center Business | MiContact Center Business versions 10.0.0.x antérieures à 10.0.0.4 sans le correctif de sécurité KB571372 | ||
| Mitel | MiContact Center Business | MiContact Center Business versions 10.2.0.x antérieures à 10.20.5 | ||
| Mitel | MiContact Center Business | MiContact Center Business versions antérieures à 9.5.0.3 sans le correctif de sécurité KB571320 |
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "MiContact Center Business versions 10.1.0.x ant\u00e9rieures \u00e0 10.1.0.5 sans le correctif de s\u00e9curit\u00e9 KB571322",
"product": {
"name": "MiContact Center Business",
"vendor": {
"name": "Mitel",
"scada": false
}
}
},
{
"description": "MiContact Center Business versions 10.0.0.x ant\u00e9rieures \u00e0 10.0.0.4 sans le correctif de s\u00e9curit\u00e9 KB571372",
"product": {
"name": "MiContact Center Business",
"vendor": {
"name": "Mitel",
"scada": false
}
}
},
{
"description": "MiContact Center Business versions 10.2.0.x ant\u00e9rieures \u00e0 10.20.5",
"product": {
"name": "MiContact Center Business",
"vendor": {
"name": "Mitel",
"scada": false
}
}
},
{
"description": "MiContact Center Business versions ant\u00e9rieures \u00e0 9.5.0.3 sans le correctif de s\u00e9curit\u00e9 KB571320",
"product": {
"name": "MiContact Center Business",
"vendor": {
"name": "Mitel",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-23092",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23092"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0246",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-03-27T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Mitel MiContact Center Business. Elle permet \u00e0 un attaquant de provoquer une injection de code indirecte \u00e0 distance (XSS).",
"title": "Vuln\u00e9rabilit\u00e9 dans Mitel MiContact Center Business",
"vendor_advisories": [
{
"published_at": "2025-03-26",
"title": "Bulletin de s\u00e9curit\u00e9 Mitel MISA-2025-0003",
"url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-misa-2025-0003"
}
]
}
CERTFR-2025-AVI-0065
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Mitel. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, une élévation de privilèges et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Mitel | MiContact Center Business | MiContact Center Business versions 10.2.0.x antérieures à 10.2.0.3 (KB20256817) | ||
| Mitel | OpenScape 4000 | OpenScape 4000 versions V11 R0.22.x antérieures à V11 R0.22.2 | ||
| Mitel | MiContact Center Business | MiContact Center Business versions 10.1.0.x antérieures à 10.1.0.5 (KB570775) | ||
| Mitel | MiContact Center Business | MiContact Center Business versions antérieures à 10.0.0.4 (KB569707) | ||
| Mitel | OpenScape 4000 | OpenScape 4000 versions V10 R1.54.x antérieures à V10 R1.54.2 | ||
| Mitel | OpenScape 4000 Manager | OpenScape 4000 versions antérieures à V10 R1.42.7 | ||
| Mitel | OpenScape 4000 | OpenScape 4000 versions antérieures à V10 R1.42.7 | ||
| Mitel | OpenScape 4000 Manager | OpenScape 4000 versions V10 R1.54.x antérieures à V10 R1.54.2 | ||
| Mitel | OpenScape 4000 Manager | OpenScape 4000 versions V11 R0.22.x antérieures à V11 R0.22.2 |
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "MiContact Center Business versions 10.2.0.x ant\u00e9rieures \u00e0 10.2.0.3 (KB20256817)",
"product": {
"name": "MiContact Center Business",
"vendor": {
"name": "Mitel",
"scada": false
}
}
},
{
"description": "OpenScape 4000 versions V11 R0.22.x ant\u00e9rieures \u00e0 V11 R0.22.2",
"product": {
"name": "OpenScape 4000",
"vendor": {
"name": "Mitel",
"scada": false
}
}
},
{
"description": "MiContact Center Business versions 10.1.0.x ant\u00e9rieures \u00e0 10.1.0.5 (KB570775)",
"product": {
"name": "MiContact Center Business",
"vendor": {
"name": "Mitel",
"scada": false
}
}
},
{
"description": "MiContact Center Business versions ant\u00e9rieures \u00e0 10.0.0.4 (KB569707)",
"product": {
"name": "MiContact Center Business",
"vendor": {
"name": "Mitel",
"scada": false
}
}
},
{
"description": "OpenScape 4000 versions V10 R1.54.x ant\u00e9rieures \u00e0 V10 R1.54.2",
"product": {
"name": "OpenScape 4000",
"vendor": {
"name": "Mitel",
"scada": false
}
}
},
{
"description": "OpenScape 4000 versions ant\u00e9rieures \u00e0 V10 R1.42.7",
"product": {
"name": "OpenScape 4000 Manager",
"vendor": {
"name": "Mitel",
"scada": false
}
}
},
{
"description": "OpenScape 4000 versions ant\u00e9rieures \u00e0 V10 R1.42.7",
"product": {
"name": "OpenScape 4000",
"vendor": {
"name": "Mitel",
"scada": false
}
}
},
{
"description": "OpenScape 4000 versions V10 R1.54.x ant\u00e9rieures \u00e0 V10 R1.54.2",
"product": {
"name": "OpenScape 4000 Manager",
"vendor": {
"name": "Mitel",
"scada": false
}
}
},
{
"description": "OpenScape 4000 versions V11 R0.22.x ant\u00e9rieures \u00e0 V11 R0.22.2",
"product": {
"name": "OpenScape 4000 Manager",
"vendor": {
"name": "Mitel",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-23093",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23093"
},
{
"name": "CVE-2025-23094",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23094"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0065",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-01-23T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Mitel. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire, une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Mitel",
"vendor_advisories": [
{
"published_at": "2025-01-22",
"title": "Bulletin de s\u00e9curit\u00e9 Mitel 2025-0002",
"url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-misa-2025-0002"
},
{
"published_at": "2025-01-22",
"title": "Bulletin de s\u00e9curit\u00e9 Mitel 2025-0001",
"url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-misa-2025-0001"
}
]
}
CVE-2025-67823 (GCVE-0-2025-67823)
Vulnerability from nvd – Published: 2026-01-15 00:00 – Updated: 2026-01-16 15:02- n/a
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-67823",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-16T15:01:07.340578Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-16T15:02:06.780Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Multimedia Email component of Mitel MiContact Center Business through 10.2.0.10 and Mitel CX through 1.1.0.1 could allow an unauthenticated attacker to conduct a Cross-Site Scripting (XSS) attack due to insufficient input validation. A successful exploit requires user interaction where the email channel is enabled. This could allow an attacker to execute arbitrary scripts in the victim\u0027s browser or desktop client application."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-15T21:17:56.511Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.mitel.com/support/security-advisories"
},
{
"url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-misa-2025-0010"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-67823",
"datePublished": "2026-01-15T00:00:00.000Z",
"dateReserved": "2025-12-12T00:00:00.000Z",
"dateUpdated": "2026-01-16T15:02:06.780Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-67822 (GCVE-0-2025-67822)
Vulnerability from nvd – Published: 2026-01-15 00:00 – Updated: 2026-01-16 14:59- n/a
- CWE-287 - Improper Authentication
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-67822",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-16T14:55:43.213583Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-16T14:59:20.630Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Provisioning Manager component of Mitel MiVoice MX-ONE 7.3 (7.3.0.0.50) through 7.8 SP1 (7.8.1.0.14) could allow an unauthenticated attacker to conduct an authentication bypass attack due to improper authentication mechanisms. A successful exploit could allow an attacker to gain unauthorized access to user or admin accounts in the system."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-15T21:30:04.740Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.mitel.com/support/security-advisories"
},
{
"url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-misa-2025-0009"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-67822",
"datePublished": "2026-01-15T00:00:00.000Z",
"dateReserved": "2025-12-12T00:00:00.000Z",
"dateUpdated": "2026-01-16T14:59:20.630Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-52914 (GCVE-0-2025-52914)
Vulnerability from nvd – Published: 2025-08-08 00:00 – Updated: 2025-08-08 17:55- n/a
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-52914",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-08T17:50:09.458287Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-08T17:55:00.637Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Suite Applications Services component of Mitel MiCollab 10.0 through SP1 FP1 (10.0.1.101) could allow an authenticated attacker to conduct a SQL Injection attack due to insufficient validation of user input. A successful exploit could allow an attacker to execute arbitrary SQL database commands."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-08T17:31:56.565Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.mitel.com/support/security-advisories"
},
{
"url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-misa-2025-0008"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-52914",
"datePublished": "2025-08-08T00:00:00.000Z",
"dateReserved": "2025-06-21T00:00:00.000Z",
"dateUpdated": "2025-08-08T17:55:00.637Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-55550 (GCVE-0-2024-55550)
Vulnerability from nvd – Published: 2024-12-10 00:00 – Updated: 2025-10-21 22:55- n/a
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-55550",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-11T04:55:17.443947Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2025-01-07",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-55550"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T22:55:34.692Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-55550"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-01-07T00:00:00.000Z",
"value": "CVE-2024-55550 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mitel MiCollab through 9.8 SP2 could allow an authenticated attacker with administrative privilege to conduct a local file read, due to insufficient input sanitization. A successful exploit could allow the authenticated admin attacker to access resources that are constrained to the admin access level, and the disclosure is limited to non-sensitive system information. This vulnerability does not allow file modification or privilege escalation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-10T18:14:31.870Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.mitel.com/support/security-advisories"
},
{
"url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-misa-2024-0029"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-55550",
"datePublished": "2024-12-10T00:00:00.000Z",
"dateReserved": "2024-12-08T00:00:00.000Z",
"dateUpdated": "2025-10-21T22:55:34.692Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-47224 (GCVE-0-2024-47224)
Vulnerability from nvd – Published: 2024-10-21 00:00 – Updated: 2024-11-05 21:05- n/a
- CWE-116 - Improper Encoding or Escaping of Output
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-47224",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T17:11:52.099763Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-116",
"description": "CWE-116 Improper Encoding or Escaping of Output",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-05T21:05:47.109Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the AWV (Audio, Web and Video Conferencing) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to conduct a CRLF injection attack due to inadequate encoding of user input in URLs. A successful exploit could allow an attacker to perform a phishing attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T20:09:33.221Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-misa-2024-0025"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-47224",
"datePublished": "2024-10-21T00:00:00.000Z",
"dateReserved": "2024-09-22T00:00:00.000Z",
"dateUpdated": "2024-11-05T21:05:47.109Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-41714 (GCVE-0-2024-41714)
Vulnerability from nvd – Published: 2024-10-21 00:00 – Updated: 2024-10-22 14:03- n/a
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
| Vendor | Product | Version | |
|---|---|---|---|
| mitel | micollab |
Affected:
0 , ≤ 9.8-SP1-\/9.8.1.5\/
(custom)
cpe:2.3:a:mitel:micollab:-:*:*:*:*:-:*:* |
|
| mitel | mivoice_business_solutions_virtual_instance |
Affected:
0 , ≤ 1.0.0.27
(custom)
cpe:2.3:a:mitel:mivoice_business_solutions_virtual_instance:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:mitel:micollab:-:*:*:*:*:-:*:*"
],
"defaultStatus": "unknown",
"product": "micollab",
"vendor": "mitel",
"versions": [
{
"lessThanOrEqual": "9.8-SP1-\\/9.8.1.5\\/",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:mitel:mivoice_business_solutions_virtual_instance:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mivoice_business_solutions_virtual_instance",
"vendor": "mitel",
"versions": [
{
"lessThanOrEqual": "1.0.0.27",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-41714",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T14:00:32.207511Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T14:03:51.621Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Web Interface component of Mitel MiCollab through 9.8 SP1 (9.8.1.5) and MiVoice Business Solution Virtual Instance (MiVB SVI) through 1.0.0.27 could allow an authenticated attacker to conduct a command injection attack, due to insufficient parameter sanitization. A successful exploit could allow an attacker to execute arbitrary commands with elevated privileges within the context of the system."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T20:11:58.779Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0021"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-41714",
"datePublished": "2024-10-21T00:00:00.000Z",
"dateReserved": "2024-07-22T00:00:00.000Z",
"dateUpdated": "2024-10-22T14:03:51.621Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-41713 (GCVE-0-2024-41713)
Vulnerability from nvd – Published: 2024-10-21 00:00 – Updated: 2025-10-21 22:55- n/a
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
| URL | Tags |
|---|---|
| https://www.mitel.com/support/security-advisories… | |
| https://www.cisa.gov/known-exploited-vulnerabilit… | government-resource |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:mitel:micollab:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "micollab",
"vendor": "mitel",
"versions": [
{
"lessThanOrEqual": "9.8.1.201",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-41713",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-11T04:55:15.981762Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2025-01-07",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-41713"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T22:55:42.233Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-41713"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-01-07T00:00:00.000Z",
"value": "CVE-2024-41713 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the NuPoint Unified Messaging (NPM) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to conduct a path traversal attack, due to insufficient input validation. A successful exploit could allow unauthorized access, enabling the attacker to view, corrupt, or delete users\u0027 data and system configurations."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T20:52:04.542Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-misa-2024-0029"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-41713",
"datePublished": "2024-10-21T00:00:00.000Z",
"dateReserved": "2024-07-22T00:00:00.000Z",
"dateUpdated": "2025-10-21T22:55:42.233Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-41712 (GCVE-0-2024-41712)
Vulnerability from nvd – Published: 2024-10-21 00:00 – Updated: 2024-10-23 20:25- n/a
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:mitel:micollab:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "micollab",
"vendor": "mitel",
"versions": [
{
"lessThanOrEqual": "9.8.1.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-41712",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-23T20:22:48.202829Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-23T20:25:05.166Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Web Conferencing Component of Mitel MiCollab through 9.8.1.5 could allow an authenticated attacker to conduct a command injection attack, due to insufficient validation of user input. A successful exploit could allow an attacker to execute arbitrary commands on the system within the context of the user."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T20:14:22.692Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0022"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-41712",
"datePublished": "2024-10-21T00:00:00.000Z",
"dateReserved": "2024-07-22T00:00:00.000Z",
"dateUpdated": "2024-10-23T20:25:05.166Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35315 (GCVE-0-2024-35315)
Vulnerability from nvd – Published: 2024-10-21 00:00 – Updated: 2024-10-23 20:43- n/a
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
| Vendor | Product | Version | |
|---|---|---|---|
| mitel | micollab |
Affected:
0 , ≤ 9.7.1.110
(custom)
cpe:2.3:a:mitel:micollab:-:*:*:*:*:android:*:* |
|
| mitel | mivoice_business |
Affected:
1.0.0.25
cpe:2.3:a:mitel:mivoice_business:-:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:mitel:micollab:-:*:*:*:*:android:*:*"
],
"defaultStatus": "unknown",
"product": "micollab",
"vendor": "mitel",
"versions": [
{
"lessThanOrEqual": "9.7.1.110",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:mitel:mivoice_business:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mivoice_business",
"vendor": "mitel",
"versions": [
{
"status": "affected",
"version": "1.0.0.25"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-35315",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-23T20:40:00.772225Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-23T20:43:02.347Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Desktop Client of Mitel MiCollab through 9.7.1.110, and MiVoice Business Solution Virtual Instance (MiVB SVI) 1.0.0.25, could allow an authenticated attacker to conduct a privilege escalation attack due to improper file validation. A successful exploit could allow an attacker to run arbitrary code with elevated privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T20:18:27.634Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0016"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-35315",
"datePublished": "2024-10-21T00:00:00.000Z",
"dateReserved": "2024-05-17T00:00:00.000Z",
"dateUpdated": "2024-10-23T20:43:02.347Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35314 (GCVE-0-2024-35314)
Vulnerability from nvd – Published: 2024-10-21 00:00 – Updated: 2025-03-25 14:14- n/a
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
| Vendor | Product | Version | |
|---|---|---|---|
| mitel | micollab |
Affected:
0 , ≤ 9.7.1.110
(custom)
cpe:2.3:a:mitel:micollab:-:*:*:*:*:-:*:* |
|
| mitel | mivoice_business_solutions_virtual_instance |
Affected:
0 , ≤ 1.0.0.25
(custom)
cpe:2.3:a:mitel:mivoice_business_solutions_virtual_instance:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:mitel:micollab:-:*:*:*:*:-:*:*"
],
"defaultStatus": "unknown",
"product": "micollab",
"vendor": "mitel",
"versions": [
{
"lessThanOrEqual": "9.7.1.110",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:mitel:mivoice_business_solutions_virtual_instance:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mivoice_business_solutions_virtual_instance",
"vendor": "mitel",
"versions": [
{
"lessThanOrEqual": "1.0.0.25",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-35314",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:47:55.274909Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-25T14:14:25.141Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Desktop Client of Mitel MiCollab through 9.7.1.110, and MiVoice Business Solution Virtual Instance (MiVB SVI) 1.0.0.25, could allow an unauthenticated attacker to conduct a command injection attack due to insufficient parameter sanitization. A successful exploit requires user interaction and could allow an attacker to execute arbitrary scripts."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-08T17:56:14.690Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0015"
},
{
"url": "https://www.mitel.com/-/media/mitel/file/pdf/support/security-advisories/security-bulletin_24-0015-001-v3.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-35314",
"datePublished": "2024-10-21T00:00:00.000Z",
"dateReserved": "2024-05-17T00:00:00.000Z",
"dateUpdated": "2025-03-25T14:14:25.141Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35287 (GCVE-0-2024-35287)
Vulnerability from nvd – Published: 2024-10-21 00:00 – Updated: 2024-10-22 13:29- n/a
- CWE-276 - Incorrect Default Permissions
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:mitel:micollab:-:*:*:*:*:-:*:*"
],
"defaultStatus": "unknown",
"product": "micollab",
"vendor": "mitel",
"versions": [
{
"lessThanOrEqual": "9.8-SP1-\\/9.8.1.5\\/",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-35287",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:21:45.975898Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276 Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:29:45.969Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the NuPoint Messenger (NPM) component of Mitel MiCollab through version 9.8 SP1 (9.8.1.5) could allow an authenticated attacker with administrative privilege to conduct a privilege escalation attack due to the execution of a resource with unnecessary privileges. A successful exploit could allow an attacker to execute arbitrary commands with elevated privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T20:53:56.151Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0023"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-35287",
"datePublished": "2024-10-21T00:00:00.000Z",
"dateReserved": "2024-05-15T00:00:00.000Z",
"dateUpdated": "2024-10-22T13:29:45.969Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35286 (GCVE-0-2024-35286)
Vulnerability from nvd – Published: 2024-10-21 00:00 – Updated: 2024-12-10 04:55- n/a
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:mitel:micollab:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "micollab",
"vendor": "mitel",
"versions": [
{
"lessThanOrEqual": "9.8.0.33",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-35286",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-06T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-10T04:55:53.023Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in NuPoint Messenger (NPM) of Mitel MiCollab through 9.8.0.33 allows an unauthenticated attacker to conduct a SQL injection attack due to insufficient sanitization of user input. A successful exploit could allow an attacker to access sensitive information and execute arbitrary database and management operations."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T20:41:02.281Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0014"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-35286",
"datePublished": "2024-10-21T00:00:00.000Z",
"dateReserved": "2024-05-15T00:00:00.000Z",
"dateUpdated": "2024-12-10T04:55:53.023Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35285 (GCVE-0-2024-35285)
Vulnerability from nvd – Published: 2024-10-21 00:00 – Updated: 2024-10-22 19:35- n/a
- CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
| Vendor | Product | Version | |
|---|---|---|---|
| mitel | micollab_nupoint_messanger |
Affected:
0 , ≤ 9.8.0.33
(custom)
cpe:2.3:a:mitel:micollab_nupoint_messanger:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:mitel:micollab_nupoint_messanger:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "micollab_nupoint_messanger",
"vendor": "mitel",
"versions": [
{
"lessThanOrEqual": "9.8.0.33",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-35285",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T14:04:39.301964Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T19:35:11.811Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in NuPoint Messenger (NPM) of Mitel MiCollab through 9.8.0.33 allows an unauthenticated attacker to conduct a command injection attack due to insufficient parameter sanitization."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T20:16:34.911Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0013"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-35285",
"datePublished": "2024-10-21T00:00:00.000Z",
"dateReserved": "2024-05-15T00:00:00.000Z",
"dateUpdated": "2024-10-22T19:35:11.811Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-30160 (GCVE-0-2024-30160)
Vulnerability from nvd – Published: 2024-10-21 00:00 – Updated: 2025-03-22 14:21- n/a
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-30160",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:58:25.835482Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-22T14:21:05.626Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Suite Applications Services component of Mitel MiCollab through 9.7.1.110 could allow an authenticated attacker with administrative privileges to conduct a Stored Cross-Site Scripting (XSS) attack due to insufficient validation of user input. A successful exploit could allow an attacker to execute arbitrary scripts."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T20:42:52.294Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0005"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-30160",
"datePublished": "2024-10-21T00:00:00.000Z",
"dateReserved": "2024-03-24T00:00:00.000Z",
"dateUpdated": "2025-03-22T14:21:05.626Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-30159 (GCVE-0-2024-30159)
Vulnerability from nvd – Published: 2024-10-21 00:00 – Updated: 2025-03-22 14:45- n/a
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-30159",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:59:11.032349Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-22T14:45:55.462Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web conferencing component of Mitel MiCollab through 9.7.1.110 could allow an authenticated attacker with administrative privileges to conduct a Stored Cross-Site Scripting (XSS) attack due to insufficient validation of user input. A successful exploit could allow an attacker to execute arbitrary scripts."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T20:46:54.192Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0005"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-30159",
"datePublished": "2024-10-21T00:00:00.000Z",
"dateReserved": "2024-03-24T00:00:00.000Z",
"dateUpdated": "2025-03-22T14:45:55.462Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-67822 (GCVE-0-2025-67822)
Vulnerability from cvelistv5 – Published: 2026-01-15 00:00 – Updated: 2026-01-16 14:59- n/a
- CWE-287 - Improper Authentication
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-67822",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-16T14:55:43.213583Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-16T14:59:20.630Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Provisioning Manager component of Mitel MiVoice MX-ONE 7.3 (7.3.0.0.50) through 7.8 SP1 (7.8.1.0.14) could allow an unauthenticated attacker to conduct an authentication bypass attack due to improper authentication mechanisms. A successful exploit could allow an attacker to gain unauthorized access to user or admin accounts in the system."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-15T21:30:04.740Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.mitel.com/support/security-advisories"
},
{
"url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-misa-2025-0009"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-67822",
"datePublished": "2026-01-15T00:00:00.000Z",
"dateReserved": "2025-12-12T00:00:00.000Z",
"dateUpdated": "2026-01-16T14:59:20.630Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-67823 (GCVE-0-2025-67823)
Vulnerability from cvelistv5 – Published: 2026-01-15 00:00 – Updated: 2026-01-16 15:02- n/a
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-67823",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-16T15:01:07.340578Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-16T15:02:06.780Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Multimedia Email component of Mitel MiContact Center Business through 10.2.0.10 and Mitel CX through 1.1.0.1 could allow an unauthenticated attacker to conduct a Cross-Site Scripting (XSS) attack due to insufficient input validation. A successful exploit requires user interaction where the email channel is enabled. This could allow an attacker to execute arbitrary scripts in the victim\u0027s browser or desktop client application."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-15T21:17:56.511Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.mitel.com/support/security-advisories"
},
{
"url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-misa-2025-0010"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-67823",
"datePublished": "2026-01-15T00:00:00.000Z",
"dateReserved": "2025-12-12T00:00:00.000Z",
"dateUpdated": "2026-01-16T15:02:06.780Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-52914 (GCVE-0-2025-52914)
Vulnerability from cvelistv5 – Published: 2025-08-08 00:00 – Updated: 2025-08-08 17:55- n/a
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-52914",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-08T17:50:09.458287Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-08T17:55:00.637Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Suite Applications Services component of Mitel MiCollab 10.0 through SP1 FP1 (10.0.1.101) could allow an authenticated attacker to conduct a SQL Injection attack due to insufficient validation of user input. A successful exploit could allow an attacker to execute arbitrary SQL database commands."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-08T17:31:56.565Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.mitel.com/support/security-advisories"
},
{
"url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-misa-2025-0008"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-52914",
"datePublished": "2025-08-08T00:00:00.000Z",
"dateReserved": "2025-06-21T00:00:00.000Z",
"dateUpdated": "2025-08-08T17:55:00.637Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-55550 (GCVE-0-2024-55550)
Vulnerability from cvelistv5 – Published: 2024-12-10 00:00 – Updated: 2025-10-21 22:55- n/a
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-55550",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-11T04:55:17.443947Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2025-01-07",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-55550"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T22:55:34.692Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-55550"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-01-07T00:00:00.000Z",
"value": "CVE-2024-55550 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mitel MiCollab through 9.8 SP2 could allow an authenticated attacker with administrative privilege to conduct a local file read, due to insufficient input sanitization. A successful exploit could allow the authenticated admin attacker to access resources that are constrained to the admin access level, and the disclosure is limited to non-sensitive system information. This vulnerability does not allow file modification or privilege escalation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-10T18:14:31.870Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.mitel.com/support/security-advisories"
},
{
"url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-misa-2024-0029"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-55550",
"datePublished": "2024-12-10T00:00:00.000Z",
"dateReserved": "2024-12-08T00:00:00.000Z",
"dateUpdated": "2025-10-21T22:55:34.692Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}