cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-55550,https://securityvulnerability.io/vulnerability/CVE-2024-55550,Local File Read Vulnerability in Mitel MiCollab Product,"Mitel MiCollab versions up to 9.8 SP2 are susceptible to a local file read vulnerability. Authenticated attackers with administrative privileges can exploit this issue due to insufficient input sanitization. This flaw enables access to resources typically restricted to admin-level access, allowing disclosure of non-sensitive system information. However, this vulnerability does not permit file modifications or privilege escalations.",Mitel,Micollab,2.7,LOW,0.42715999484062195,true,2025-01-07T00:00:00.000Z,false,false,true,2025-01-07T00:00:00.000Z,,false,false,,2024-12-10T19:15:00.000Z,0
CVE-2024-41713,https://securityvulnerability.io/vulnerability/CVE-2024-41713,Mitel NuPoint Unified Messaging (NPM) Vulnerability: Path Traversal Attack,"A vulnerability exists within the NuPoint Unified Messaging component of Mitel MiCollab, where insufficient input validation may result in a path traversal attack. An unauthenticated attacker who successfully exploits this vulnerability could gain unauthorized access, potentially allowing them to view, corrupt, or delete sensitive user data and critical system configurations. Organizations using affected versions should prioritize securing their systems against potential exploits to mitigate the risk of data breaches.",Mitel,Micollab,9.1,CRITICAL,0.9543700218200684,true,2025-01-07T00:00:00.000Z,true,false,true,2024-12-05T14:07:33.000Z,,true,false,,2024-10-21T21:15:00.000Z,3587
CVE-2024-30160,https://securityvulnerability.io/vulnerability/CVE-2024-30160,Mitel MiCollab Stored XSS Vulnerability Could Lead to Arbitrary Script Execution,A vulnerability in the Suite Applications Services component of Mitel MiCollab through 9.7.1.110 could allow an authenticated attacker with administrative privileges to conduct a Stored Cross-Site Scripting (XSS) attack due to insufficient validation of user input. A successful exploit could allow an attacker to execute arbitrary scripts.,Mitel,Micollab,4.8,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-10-21T21:15:00.000Z,0
CVE-2024-30159,https://securityvulnerability.io/vulnerability/CVE-2024-30159,Authenticated Stored Cross-Site Scripting (XSS) Vulnerability,A vulnerability in the web conferencing component of Mitel MiCollab through 9.7.1.110 could allow an authenticated attacker with administrative privileges to conduct a Stored Cross-Site Scripting (XSS) attack due to insufficient validation of user input. A successful exploit could allow an attacker to execute arbitrary scripts.,Mitel,Micollab,4.8,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-10-21T21:15:00.000Z,0
CVE-2024-30158,https://securityvulnerability.io/vulnerability/CVE-2024-30158,Attackers with Admin Privs Can Abuse SQL Injections,"A SQL Injection vulnerability exists in the web conferencing component of Mitel MiCollab through version 9.7.1.110. This security flaw permits an authenticated user with administrative privileges to execute SQL Injection attacks, attributed to the insufficient validation of user input. If successfully exploited, the attacker could perform unauthorized database operations and management actions, potentially compromising the integrity and confidentiality of the system.",Mitel,Micollab,7.2,HIGH,0.0005000000237487257,false,,false,false,false,,,false,false,,2024-10-21T21:15:00.000Z,0
CVE-2024-30157,https://securityvulnerability.io/vulnerability/CVE-2024-30157,Suite Applications Services Vulnerability Could Lead to SQL Injection,"A vulnerability identified in the Suite Applications Services component of Mitel MiCollab through version 9.7.1.110 presents significant security risks. The flaw arises from inadequate validation of user input, which can potentially enable an authenticated attacker with administrative privileges to execute a SQL Injection attack. This exploitation could facilitate unauthorized database access and pose threats to data integrity and confidentiality. Organizations leveraging Mitel MiCollab should prioritize addressing this vulnerability through timely patches and enhanced security practices.",Mitel,Micollab,7.2,HIGH,0.0005000000237487257,false,,false,false,false,,,false,false,,2024-10-21T21:15:00.000Z,0
CVE-2023-25597,https://securityvulnerability.io/vulnerability/CVE-2023-25597,Improper Authentication in Mitel MiCollab Web Conferencing Component,"A security flaw exists in the web conferencing component of Mitel MiCollab versions through 9.6.2.9, which could be exploited by an unauthenticated attacker. This vulnerability allows the attacker to craft a request that could facilitate the download of shared files by revealing their exact path and filename. The lack of proper authentication controls could lead to unauthorized access to sensitive files, posing significant risks to data confidentiality.",Mitel,Micollab,5.9,MEDIUM,0.0013800000306218863,false,,false,false,false,,,false,false,,2023-04-14T00:00:00.000Z,0
CVE-2022-41326,https://securityvulnerability.io/vulnerability/CVE-2022-41326,Remote Code Execution Vulnerability in Mitel MiCollab Web Conferencing Component,"The web conferencing component of Mitel MiCollab, up to version 9.6.0.13, is susceptible to a vulnerability that enables unauthenticated attackers to upload arbitrary scripts. This occurs due to insufficient authorization checks, potentially leading to remote code execution within the application's context. If exploited, the attacker could gain unauthorized access and control over the affected system, posing significant security risks.",Mitel,Micollab,9.8,CRITICAL,0.003949999809265137,false,,false,false,false,,,false,false,,2022-11-22T00:00:00.000Z,0
CVE-2022-36452,https://securityvulnerability.io/vulnerability/CVE-2022-36452,File Upload Vulnerability in Mitel MiCollab Web Conferencing Component,"A vulnerability has been identified in the web conferencing component of Mitel MiCollab, where unauthenticated attackers can exploit the system to upload malicious files. This could potentially allow for arbitrary code execution within the application, posing significant risks to users. It is crucial for organizations using affected versions of the product to implement the necessary security measures to mitigate this risk.",Mitel,Micollab,9.8,CRITICAL,0.0027199999894946814,false,,false,false,false,,,false,false,,2022-10-25T00:00:00.000Z,0
CVE-2022-36451,https://securityvulnerability.io/vulnerability/CVE-2022-36451,Server-Side Request Forgery Vulnerability in Mitel MiCollab Client,"A vulnerability in the MiCollab Client's server component allows an authenticated attacker to exploit the system through a Server-Side Request Forgery (SSRF) attack. This is made possible by insufficient restrictions on URL parameters, which can be manipulated to exploit the host server's connections and permissions. Successful exploitation could potentially allow unauthorized access to sensitive resources, highlighting the importance of updating to the latest version to mitigate risks.",Mitel,Micollab,8.8,HIGH,0.001019999966956675,false,,false,false,false,,,false,false,,2022-10-25T00:00:00.000Z,0
CVE-2022-36453,https://securityvulnerability.io/vulnerability/CVE-2022-36453,Improper Authorization Vulnerability in Mitel MiCollab API,"A security vulnerability exists in the MiCollab Client API of Mitel MiCollab versions 9.1.3 through 9.5.0.101, which can be exploited by authenticated attackers. Due to insufficient authorization controls, an attacker is able to modify profile parameters, potentially gaining control over another user's extension number. This could lead to unauthorized actions and access within the communication system, raising significant security concerns for users utilizing affected versions of MiCollab.",Mitel,Micollab,8.8,HIGH,0.001019999966956675,false,,false,false,false,,,false,false,,2022-10-25T00:00:00.000Z,0
CVE-2022-36454,https://securityvulnerability.io/vulnerability/CVE-2022-36454,Improper Authorization in Mitel MiCollab Client API Allowing User Impersonation,"A security issue in the MiCollab Client API of Mitel MiCollab through version 9.5.0.101 permits authenticated users to modify their profile parameters due to insufficient authorization controls. This vulnerability may lead to an authenticated attacker impersonating the name of another user, posing significant risks to user identity and security within the system.",Mitel,Micollab,6.5,MEDIUM,0.0006399999838322401,false,,false,false,false,,,false,false,,2022-10-25T00:00:00.000Z,0
CVE-2022-26143,https://securityvulnerability.io/vulnerability/CVE-2022-26143,Remote Information Disclosure and Denial of Service in Mitel MiCollab and MiVoice Business Express,"The vulnerability in the TP-240 component of Mitel's MiCollab and MiVoice Business Express products allows remote attackers to exploit weaknesses leading to sensitive information exposure and denial of service. Attackers can leverage this vulnerability to initiate traffic amplification attacks, contributing to performance degradation and excessive outbound traffic. Notably exploited in early 2022, this vulnerability poses significant risks to network stability and data confidentiality.",Mitel,"Micollab,Mivoice Business Express",9.8,CRITICAL,0.3090299963951111,true,2022-03-25T00:00:00.000Z,false,false,true,2022-03-25T00:00:00.000Z,,false,false,,2022-03-10T17:47:00.000Z,0
CVE-2021-32069,https://securityvulnerability.io/vulnerability/CVE-2021-32069,Man-In-the-Middle Vulnerability in Mitel MiCollab,"The AWV component of Mitel MiCollab prior to version 9.3 is susceptible to a vulnerability that could enable attackers to execute Man-In-the-Middle attacks. This occurs due to improper negotiation within the TLS protocol, potentially allowing unauthorized access to sensitive data, which could be viewed and altered by the attacker. This vulnerability raises significant concerns regarding the integrity and confidentiality of communications facilitated by the affected products.",Mitel,Micollab,4.8,MEDIUM,0.0006500000017695129,false,,false,false,false,,,false,false,,2021-08-13T15:37:36.000Z,0
CVE-2021-32072,https://securityvulnerability.io/vulnerability/CVE-2021-32072,Insufficient Output Sanitization in Mitel MiCollab Client Service,"The MiCollab Client Service in Mitel MiCollab versions prior to 9.3 is susceptible to an output sanitization flaw that could allow attackers to retrieve sensitive source code information. This vulnerability arises from inadequate sanitization of output, leading to potential disclosure of application data. If exploited, this flaw could enable an attacker to view confidential source code methods, posing risks to the integrity and confidentiality of the application.",Mitel,Micollab,6.5,MEDIUM,0.0006399999838322401,false,,false,false,false,,,false,false,,2021-08-13T15:32:58.000Z,0
CVE-2021-32071,https://securityvulnerability.io/vulnerability/CVE-2021-32071,Improper Access Control Vulnerability in Mitel MiCollab Client Service,"The MiCollab Client service in Mitel MiCollab prior to version 9.3 is susceptible to an improper access control vulnerability. This flaw allows unauthorized users to successfully access the system, enabling them to view and potentially manipulate application data. Furthermore, the vulnerability opens the door for attackers to induce a denial of service, disrupting normal operations for legitimate users.",Mitel,Micollab,9.8,CRITICAL,0.00203999993391335,false,,false,false,false,,,false,false,,2021-08-13T15:31:56.000Z,0
CVE-2021-32070,https://securityvulnerability.io/vulnerability/CVE-2021-32070,Clickjacking Vulnerability in Mitel MiCollab Client Service,"The MiCollab Client Service in earlier versions of Mitel MiCollab is susceptible to clickjacking attacks due to improper header response configurations. This flaw allows attackers to manipulate browser headers, potentially redirecting users to malicious sites. Organizations using affected versions should urgently apply mitigations or updates to safeguard user interactions and protect their data integrity.",Mitel,Micollab,5.4,MEDIUM,0.0008399999933317304,false,,false,false,false,,,false,false,,2021-08-13T15:31:11.000Z,0
CVE-2021-32068,https://securityvulnerability.io/vulnerability/CVE-2021-32068,Man-In-the-Middle Vulnerability in Mitel MiCollab and AWV Components,"The vulnerability present in Mitel's MiCollab and AWV Client Service allows a potential attacker to exploit insufficient TLS session controls by sending multiple session renegotiation requests. This flaw could lead to a Man-In-the-Middle attack, enabling the attacker to intercept and modify application data and state, compromising the integrity and confidentiality of communications.",Mitel,Micollab,3.7,LOW,0.0006500000017695129,false,,false,false,false,,,false,false,,2021-08-13T15:28:55.000Z,0
CVE-2021-32067,https://securityvulnerability.io/vulnerability/CVE-2021-32067,Output Sanitization Flaw in Mitel MiCollab Product,"The MiCollab Client Service component in Mitel MiCollab prior to version 9.3 is vulnerable to a flaw that allows attackers to access sensitive system information. This issue arises from a lack of proper output sanitization, leading to potential data leakage through HTTP responses. Organizations using affected versions are advised to update to mitigate these risks and enhance their security posture.",Mitel,Micollab,6.5,MEDIUM,0.0008999999845400453,false,,false,false,false,,,false,false,,2021-08-13T15:27:42.000Z,0
CVE-2021-27402,https://securityvulnerability.io/vulnerability/CVE-2021-27402,Directory Traversal Vulnerability in Mitel MiCollab Admin Portal,"The SAS Admin portal of Mitel MiCollab prior to version 9.2 FP2 is susceptible to a directory traversal vulnerability. This flaw allows an unauthenticated attacker to potentially access and modify user data by exploiting improper URL validation mechanisms, thereby injecting arbitrary directory paths. This vulnerability raises significant security concerns as it can lead to unauthorized exposure and alteration of sensitive information.",Mitel,Micollab,6.5,MEDIUM,0.0014299999456852674,false,,false,false,false,,,false,false,,2021-08-13T15:25:36.000Z,0
CVE-2021-27401,https://securityvulnerability.io/vulnerability/CVE-2021-27401,Cross-Site Scripting Vulnerability in Mitel MiCollab Web Client,"The Join Meeting page of Mitel MiCollab Web Client versions prior to 9.2 FP2 is susceptible to a Cross-Site Scripting (XSS) vulnerability. This flaw arises from insufficient input validation, permitting attackers to execute arbitrary code. Exploiting this vulnerability could lead to unauthorized access, enabling attackers to view and modify user data.",Mitel,Micollab,6.1,MEDIUM,0.0008399999933317304,false,,false,false,false,,,false,false,,2021-08-13T15:18:28.000Z,0
CVE-2020-35547,https://securityvulnerability.io/vulnerability/CVE-2020-35547,,A library index page in NuPoint Messenger in Mitel MiCollab before 9.2 FP1 could allow an unauthenticated attacker to gain access (view and modify) to user data.,Mitel,Micollab,9.1,CRITICAL,0.0017800000496208668,false,,false,false,false,,,false,false,,2021-01-29T06:27:08.000Z,0
CVE-2020-25608,https://securityvulnerability.io/vulnerability/CVE-2020-25608,,"The SAS portal of Mitel MiCollab before 9.2 could allow an attacker to access user credentials due to improper input validation, aka SQL Injection.",Mitel,Micollab,7.2,HIGH,0.0007900000200606883,false,,false,false,false,,,false,false,,2020-12-18T07:15:34.000Z,0
CVE-2020-25609,https://securityvulnerability.io/vulnerability/CVE-2020-25609,,"The NuPoint Messenger Portal of Mitel MiCollab before 9.2 could allow an authenticated attacker to execute arbitrary scripts due to insufficient input validation, aka XSS. A successful exploit could allow an attacker to view and modify user data.",Mitel,Micollab,5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2020-12-18T07:14:49.000Z,0
CVE-2020-27340,https://securityvulnerability.io/vulnerability/CVE-2020-27340,,The online help portal of Mitel MiCollab before 9.2 could allow an attacker to redirect a user to an unauthorized website by executing malicious script due to insufficient access control.,Mitel,Micollab,6.1,MEDIUM,0.000859999970998615,false,,false,false,false,,,false,false,,2020-12-18T07:14:05.000Z,0