Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    316 vulnerabilities by mitel

    CERTFR-2026-AVI-0770

    Vulnerability from certfr_avis - Published: 2026-06-18 - Updated: 2026-06-18

    De multiples vulnérabilités ont été découvertes dans les produits Mitel. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.

    Solutions

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    Impacted products
    Vendor Product Description
    Mitel MiCollab MiCollab versions 9.8.x antérieures à 9.8 SP3 FP2 (9.8.3.203)
    Mitel MiCollab MiCollab versions 10.2.x antérieures à 10.2 SP1 FP2 (10.2.1.205)
    Mitel MiVoice MiVoice Business Solution Virtual Instance (MiVB SVI) versions 2.x antérieures à 2.1.0.9-4
    Mitel MiVoice MiVoice Business Solution Virtual Instance (MiVB SVI) versions 1.0 sans les derniers correctifs de sécurité
    References
    Bulletin de sécurité Mitel MISA-2026-0005 2026-06-17 vendor-advisory

    Show details on source website

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "MiCollab versions 9.8.x ant\u00e9rieures \u00e0 9.8 SP3 FP2 (9.8.3.203)",
          "product": {
            "name": "MiCollab",
            "vendor": {
              "name": "Mitel",
              "scada": false
            }
          }
        },
        {
          "description": "MiCollab versions 10.2.x ant\u00e9rieures \u00e0 10.2 SP1 FP2 (10.2.1.205)",
          "product": {
            "name": "MiCollab",
            "vendor": {
              "name": "Mitel",
              "scada": false
            }
          }
        },
        {
          "description": "MiVoice Business Solution Virtual Instance (MiVB SVI) versions 2.x ant\u00e9rieures \u00e0 2.1.0.9-4",
          "product": {
            "name": "MiVoice",
            "vendor": {
              "name": "Mitel",
              "scada": false
            }
          }
        },
        {
          "description": "MiVoice Business Solution Virtual Instance (MiVB SVI) versions 1.0 sans les derniers correctifs de s\u00e9curit\u00e9",
          "product": {
            "name": "MiVoice",
            "vendor": {
              "name": "Mitel",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [],
      "initial_release_date": "2026-06-18T00:00:00",
      "last_revision_date": "2026-06-18T00:00:00",
      "links": [],
      "reference": "CERTFR-2026-AVI-0770",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2026-06-18T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
        },
        {
          "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
        },
        {
          "description": "Injection SQL (SQLi)"
        },
        {
          "description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
        },
        {
          "description": "Contournement de la politique de s\u00e9curit\u00e9"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Mitel. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Mitel",
      "vendor_advisories": [
        {
          "published_at": "2026-06-17",
          "title": "Bulletin de s\u00e9curit\u00e9 Mitel MISA-2026-0005",
          "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-misa-2026-0005"
        }
      ]
    }

    CERTFR-2026-AVI-0672

    Vulnerability from certfr_avis - Published: 2026-06-01 - Updated: 2026-06-01

    De multiples vulnérabilités ont été découvertes dans les produits Mitel. Elles permettent à un attaquant de provoquer une élévation de privilèges.

    Solutions

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    Impacted products
    Vendor Product Description
    Mitel MiVoice Business MiVoice Business toutes versions 10.3.x
    Mitel Mitel Open Integration Gateway Mitel Open Integration Gateway toutes versions 4.3.x
    Mitel OpenScape SBC OpenScape SBC version V10.3 sans le correctif de sécurité KB000127880
    Mitel OpenScape Branch OpenScape Branch version V10.3 sans le correctif de sécurité KB000127880
    Mitel Mitel SIP DECT Mitel SIP DECT toutes versions 10.x sans le correctif de sécurité KB000127880
    Mitel OpenScape Xpert Clients 6010P OpenScape Xpert Clients 6010P version V7 sans le correctif de sécurité KB000127880
    Mitel Mitel Standard Linux Mitel Standard Linux toutes versions 12.x
    Mitel MiVoice Business MiVoice Business toutes versions 10.1.x
    Mitel MiVoice MX-ONE MiVoice MX-ONE toutes versions 8.x sans le correctif de sécurité KB000127880
    Mitel OpenScape Voice Server OpenScape Voice Server version V10 sans le correctif de sécurité KB000127880
    Mitel MiVoice MX-ONE MiVoice MX-ONE toutes versions 7.3 à 7.8 sans le correctif de sécurité KB000127880
    Mitel MiCollab MiCollab toutes versions 10.x sans le correctif de sécurité KB000127880
    Mitel OpenScape Voice Server OpenScape Voice Server version V9R3 JITC sans le correctif de sécurité KB000127880
    Mitel OpenScape 4000 OpenScape 4000 version V11 R0.22 sans le correctif de sécurité KB000127880
    Mitel OpenScape 4000 OpenScape 4000 toutes versions V10 R1.x sans le correctif de sécurité KB000127880
    Mitel OpenScape Xpert Clients 6010P OpenScape Xpert Clients 6010P version V8 sans le correctif de sécurité KB000127880
    Mitel OpenScape SBC OpenScape SBC toutes versions V11.x sans le correctif de sécurité KB000127880
    Mitel MiVoice Business MiVoice Business toutes versions 10.4.x
    Mitel OpenScape Contact Media Service (used by Mitel CX and OpenScape Contact Center) OpenScape Contact Media Service (used by Mitel CXand OpenScape Contact Center) toutes versions V12Rx sans le correctif de sécurité KB000127880
    Mitel MiVoice 5000 MiVoice 5000 toutes versions 8.x sans le correctif de sécurité KB000127880
    Mitel MiVoice Business MiVoice Business toutes versions 10.2.x
    Mitel OpenScape Voice Server OpenScape Voice Server version V11 sans le correctif de sécurité KB000127880
    Mitel Mitel Performance Analytics Mitel Performance Analytics toutes versions 3.6x sans le correctif de sécurité KB000127880
    Mitel MiVoice Business Solution Virtual Instance MiVoice Business Solution Virtual Instance toutes versions 2.x
    Mitel OpenScape 4000 OpenScape 4000 version V11 R1.26 sans le correctif de sécurité KB000127880
    Mitel MiVoice Business MiVoice Business toutes versions 10.5.x
    Mitel MiCloud Management Portal MiCloud Management Portal toutes versions 6.3.x
    Mitel MiVoice Border Gateway MiVoice Border Gateway toutes versions 12.x
    Mitel MiVoice Border Gateway MiVoice Border Gateway toutes versions 11.6.x
    Mitel OpenScape Branch OpenScape Branch toutes versions V11.x sans le correctif de sécurité KB000127880
    References
    Bulletin de sécurité Mitel MISA-2026-0004 2026-05-28 vendor-advisory

    Show details on source website

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "MiVoice Business toutes versions 10.3.x",
          "product": {
            "name": "MiVoice Business",
            "vendor": {
              "name": "Mitel",
              "scada": false
            }
          }
        },
        {
          "description": "Mitel Open Integration Gateway toutes versions 4.3.x",
          "product": {
            "name": "Mitel Open Integration Gateway",
            "vendor": {
              "name": "Mitel",
              "scada": false
            }
          }
        },
        {
          "description": "OpenScape SBC version V10.3 sans le correctif de s\u00e9curit\u00e9 KB000127880",
          "product": {
            "name": "OpenScape SBC",
            "vendor": {
              "name": "Mitel",
              "scada": false
            }
          }
        },
        {
          "description": "OpenScape Branch version V10.3 sans le correctif de s\u00e9curit\u00e9 KB000127880",
          "product": {
            "name": "OpenScape Branch",
            "vendor": {
              "name": "Mitel",
              "scada": false
            }
          }
        },
        {
          "description": "Mitel SIP DECT toutes versions 10.x sans le correctif de s\u00e9curit\u00e9 KB000127880",
          "product": {
            "name": "Mitel SIP DECT",
            "vendor": {
              "name": "Mitel",
              "scada": false
            }
          }
        },
        {
          "description": "OpenScape Xpert Clients 6010P version V7 sans le correctif de s\u00e9curit\u00e9 KB000127880",
          "product": {
            "name": "OpenScape Xpert Clients 6010P",
            "vendor": {
              "name": "Mitel",
              "scada": false
            }
          }
        },
        {
          "description": "Mitel Standard Linux toutes versions 12.x",
          "product": {
            "name": "Mitel Standard Linux",
            "vendor": {
              "name": "Mitel",
              "scada": false
            }
          }
        },
        {
          "description": "MiVoice Business toutes versions 10.1.x",
          "product": {
            "name": "MiVoice Business",
            "vendor": {
              "name": "Mitel",
              "scada": false
            }
          }
        },
        {
          "description": "MiVoice MX-ONE toutes versions 8.x sans le correctif de s\u00e9curit\u00e9 KB000127880",
          "product": {
            "name": "MiVoice MX-ONE",
            "vendor": {
              "name": "Mitel",
              "scada": false
            }
          }
        },
        {
          "description": "OpenScape Voice Server version V10 sans le correctif de s\u00e9curit\u00e9 KB000127880",
          "product": {
            "name": "OpenScape Voice Server",
            "vendor": {
              "name": "Mitel",
              "scada": false
            }
          }
        },
        {
          "description": "MiVoice MX-ONE toutes versions 7.3 \u00e0 7.8 sans le correctif de s\u00e9curit\u00e9 KB000127880",
          "product": {
            "name": "MiVoice MX-ONE",
            "vendor": {
              "name": "Mitel",
              "scada": false
            }
          }
        },
        {
          "description": "MiCollab toutes versions 10.x sans le correctif de s\u00e9curit\u00e9 KB000127880 ",
          "product": {
            "name": "MiCollab",
            "vendor": {
              "name": "Mitel",
              "scada": false
            }
          }
        },
        {
          "description": "OpenScape Voice Server version V9R3 JITC sans le correctif de s\u00e9curit\u00e9 KB000127880",
          "product": {
            "name": "OpenScape Voice Server",
            "vendor": {
              "name": "Mitel",
              "scada": false
            }
          }
        },
        {
          "description": "OpenScape 4000 version V11 R0.22 sans le correctif de s\u00e9curit\u00e9 KB000127880",
          "product": {
            "name": "OpenScape 4000",
            "vendor": {
              "name": "Mitel",
              "scada": false
            }
          }
        },
        {
          "description": "OpenScape 4000 toutes versions V10 R1.x sans le correctif de s\u00e9curit\u00e9 KB000127880",
          "product": {
            "name": "OpenScape 4000",
            "vendor": {
              "name": "Mitel",
              "scada": false
            }
          }
        },
        {
          "description": "OpenScape Xpert Clients 6010P version V8 sans le correctif de s\u00e9curit\u00e9 KB000127880",
          "product": {
            "name": "OpenScape Xpert Clients 6010P",
            "vendor": {
              "name": "Mitel",
              "scada": false
            }
          }
        },
        {
          "description": "OpenScape SBC toutes versions V11.x sans le correctif de s\u00e9curit\u00e9 KB000127880",
          "product": {
            "name": "OpenScape SBC",
            "vendor": {
              "name": "Mitel",
              "scada": false
            }
          }
        },
        {
          "description": "MiVoice Business toutes versions 10.4.x",
          "product": {
            "name": "MiVoice Business",
            "vendor": {
              "name": "Mitel",
              "scada": false
            }
          }
        },
        {
          "description": "OpenScape Contact Media Service (used by Mitel CXand OpenScape Contact Center) toutes versions V12Rx sans le correctif de s\u00e9curit\u00e9 KB000127880",
          "product": {
            "name": "OpenScape Contact Media Service (used by Mitel CX and OpenScape Contact Center)",
            "vendor": {
              "name": "Mitel",
              "scada": false
            }
          }
        },
        {
          "description": "MiVoice 5000 toutes versions 8.x sans le correctif de s\u00e9curit\u00e9 KB000127880",
          "product": {
            "name": "MiVoice 5000",
            "vendor": {
              "name": "Mitel",
              "scada": false
            }
          }
        },
        {
          "description": "MiVoice Business toutes versions 10.2.x",
          "product": {
            "name": "MiVoice Business",
            "vendor": {
              "name": "Mitel",
              "scada": false
            }
          }
        },
        {
          "description": "OpenScape Voice Server version V11 sans le correctif de s\u00e9curit\u00e9 KB000127880",
          "product": {
            "name": "OpenScape Voice Server",
            "vendor": {
              "name": "Mitel",
              "scada": false
            }
          }
        },
        {
          "description": "Mitel Performance Analytics toutes versions 3.6x sans le correctif de s\u00e9curit\u00e9 KB000127880",
          "product": {
            "name": "Mitel Performance Analytics",
            "vendor": {
              "name": "Mitel",
              "scada": false
            }
          }
        },
        {
          "description": "MiVoice Business Solution Virtual Instance toutes versions 2.x",
          "product": {
            "name": "MiVoice Business Solution Virtual Instance",
            "vendor": {
              "name": "Mitel",
              "scada": false
            }
          }
        },
        {
          "description": "OpenScape 4000 version V11 R1.26 sans le correctif de s\u00e9curit\u00e9 KB000127880",
          "product": {
            "name": "OpenScape 4000",
            "vendor": {
              "name": "Mitel",
              "scada": false
            }
          }
        },
        {
          "description": "MiVoice Business toutes versions 10.5.x",
          "product": {
            "name": "MiVoice Business",
            "vendor": {
              "name": "Mitel",
              "scada": false
            }
          }
        },
        {
          "description": "MiCloud Management Portal toutes versions 6.3.x",
          "product": {
            "name": "MiCloud Management Portal",
            "vendor": {
              "name": "Mitel",
              "scada": false
            }
          }
        },
        {
          "description": "MiVoice Border Gateway toutes versions 12.x",
          "product": {
            "name": "MiVoice Border Gateway",
            "vendor": {
              "name": "Mitel",
              "scada": false
            }
          }
        },
        {
          "description": "MiVoice Border Gateway toutes versions 11.6.x",
          "product": {
            "name": "MiVoice Border Gateway",
            "vendor": {
              "name": "Mitel",
              "scada": false
            }
          }
        },
        {
          "description": "OpenScape Branch toutes versions V11.x sans le correctif de s\u00e9curit\u00e9 KB000127880",
          "product": {
            "name": "OpenScape Branch",
            "vendor": {
              "name": "Mitel",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2026-43284",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43284"
        },
        {
          "name": "CVE-2026-43500",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43500"
        }
      ],
      "initial_release_date": "2026-06-01T00:00:00",
      "last_revision_date": "2026-06-01T00:00:00",
      "links": [],
      "reference": "CERTFR-2026-AVI-0672",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2026-06-01T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "\u00c9l\u00e9vation de privil\u00e8ges"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Mitel. Elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges.",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Mitel",
      "vendor_advisories": [
        {
          "published_at": "2026-05-28",
          "title": "Bulletin de s\u00e9curit\u00e9 Mitel MISA-2026-0004",
          "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-misa-2026-0004"
        }
      ]
    }

    CERTFR-2026-AVI-0411

    Vulnerability from certfr_avis - Published: 2026-04-09 - Updated: 2026-04-09

    De multiples vulnérabilités ont été découvertes dans Mitel MiCollab. Elles permettent à un attaquant de provoquer une élévation de privilèges et une injection SQL (SQLi).

    Solutions

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    Impacted products
    Vendor Product Description
    Mitel MiCollab MiCollab versions 10.x sans le dernier correctif de sécurité
    Mitel MiCollab MiCollab versions 10.2.x antérieures à 10.2 SP1 (10.2.1.11)
    Mitel MiCollab MiCollab versions 9.8.x à 9.8.SP3 FP1 sans le dernier correctif de sécurité
    References
    Bulletin de sécurité Mitel MISA-2026-0002 2026-04-08 vendor-advisory

    Show details on source website

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "MiCollab versions 10.x sans le dernier correctif de s\u00e9curit\u00e9",
          "product": {
            "name": "MiCollab",
            "vendor": {
              "name": "Mitel",
              "scada": false
            }
          }
        },
        {
          "description": "MiCollab versions 10.2.x ant\u00e9rieures \u00e0 10.2 SP1 (10.2.1.11)",
          "product": {
            "name": "MiCollab",
            "vendor": {
              "name": "Mitel",
              "scada": false
            }
          }
        },
        {
          "description": "MiCollab versions 9.8.x \u00e0 9.8.SP3 FP1 sans le dernier correctif de s\u00e9curit\u00e9",
          "product": {
            "name": "MiCollab",
            "vendor": {
              "name": "Mitel",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [],
      "initial_release_date": "2026-04-09T00:00:00",
      "last_revision_date": "2026-04-09T00:00:00",
      "links": [],
      "reference": "CERTFR-2026-AVI-0411",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2026-04-09T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "Injection SQL (SQLi)"
        },
        {
          "description": "\u00c9l\u00e9vation de privil\u00e8ges"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Mitel MiCollab. Elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges et une injection SQL (SQLi).",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans Mitel MiCollab",
      "vendor_advisories": [
        {
          "published_at": "2026-04-08",
          "title": "Bulletin de s\u00e9curit\u00e9 Mitel MISA-2026-0002",
          "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-misa-2026-0002"
        }
      ]
    }

    CERTFR-2026-AVI-0319

    Vulnerability from certfr_avis - Published: 2026-03-19 - Updated: 2026-03-19

    Une vulnérabilité a été découverte dans les produits Mitel. Elle permet à un attaquant de provoquer une injection de code indirecte à distance (XSS).

    Solutions

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    Impacted products
    Vendor Product Description
    Mitel MiContact Center Business MiContact Center Business versions 10.2.0.11 antérieures à 10.2.0.12
    Mitel MiContact Center Business MiContact Center Business version 10.1.0.5 sans le correctif de sécurité KB574059
    Mitel MiContact Center Business MiContact Center Business version 9.5.0.3 sans le correctif de sécurité KB574061
    Mitel MiContact Center Business MiContact Center Business version 10.0.0.4 sans le correctif de sécurité KB574060
    Mitel Mitel CX MCX versions 2.x antérieures à 2.1
    References
    Bulletin de sécurité Mitel 2026-0001 2026-03-18 vendor-advisory

    Show details on source website

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "MiContact Center Business versions 10.2.0.11 ant\u00e9rieures \u00e0 10.2.0.12",
          "product": {
            "name": "MiContact Center Business",
            "vendor": {
              "name": "Mitel",
              "scada": false
            }
          }
        },
        {
          "description": "MiContact Center Business version 10.1.0.5 sans le correctif de s\u00e9curit\u00e9 KB574059",
          "product": {
            "name": "MiContact Center Business",
            "vendor": {
              "name": "Mitel",
              "scada": false
            }
          }
        },
        {
          "description": "MiContact Center Business version 9.5.0.3 sans le correctif de s\u00e9curit\u00e9 KB574061",
          "product": {
            "name": "MiContact Center Business",
            "vendor": {
              "name": "Mitel",
              "scada": false
            }
          }
        },
        {
          "description": "MiContact Center Business version 10.0.0.4 sans le correctif de s\u00e9curit\u00e9 KB574060",
          "product": {
            "name": "MiContact Center Business",
            "vendor": {
              "name": "Mitel",
              "scada": false
            }
          }
        },
        {
          "description": "MCX versions 2.x ant\u00e9rieures \u00e0 2.1",
          "product": {
            "name": "Mitel CX",
            "vendor": {
              "name": "Mitel",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [],
      "initial_release_date": "2026-03-19T00:00:00",
      "last_revision_date": "2026-03-19T00:00:00",
      "links": [],
      "reference": "CERTFR-2026-AVI-0319",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2026-03-19T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "Injection de code indirecte \u00e0 distance (XSS)"
        }
      ],
      "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans les produits Mitel. Elle permet \u00e0 un attaquant de provoquer une injection de code indirecte \u00e0 distance (XSS).",
      "title": "Vuln\u00e9rabilit\u00e9 dans les produits Mitel",
      "vendor_advisories": [
        {
          "published_at": "2026-03-18",
          "title": "Bulletin de s\u00e9curit\u00e9 Mitel 2026-0001",
          "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-misa-2026-0001"
        }
      ]
    }

    CERTFR-2025-AVI-1097

    Vulnerability from certfr_avis - Published: 2025-12-11 - Updated: 2026-01-06

    Une vulnérabilité a été découverte dans les produits Mitel. Elle permet à un attaquant de provoquer une injection de code indirecte à distance (XSS).

    Solutions

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    L'éditeur précise que les versions correctives ne sont pas encore disponibles. Dans l'attente de leur disponibilité, il est nécessaire d'appliquer les correctifs de sécurité KB20257760, KB573971, KB573970 et KB573969 pour MiContact Center Business et KB20254739 pour Mitel CX.

    Impacted products
    Vendor Product Description
    Mitel MiContact Center Enterprise MiContact Center Business versions antérieures à 10.0.2 FP 11 (10.2.0.11)
    Mitel Mitel CX Mitel CX versions antérieures à MCX 2.0
    References
    Bulletin de sécurité Mitel MISA-2025-0010 2025-12-09 vendor-advisory

    Show details on source website

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "MiContact Center Business versions ant\u00e9rieures \u00e0 10.0.2 FP 11 (10.2.0.11)",
          "product": {
            "name": "MiContact Center Enterprise",
            "vendor": {
              "name": "Mitel",
              "scada": false
            }
          }
        },
        {
          "description": "Mitel CX versions ant\u00e9rieures \u00e0 MCX 2.0",
          "product": {
            "name": "Mitel CX",
            "vendor": {
              "name": "Mitel",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "L\u0027\u00e9diteur pr\u00e9cise que les versions correctives ne sont pas encore disponibles.\nDans l\u0027attente de leur disponibilit\u00e9, il est n\u00e9cessaire d\u0027appliquer les correctifs de s\u00e9curit\u00e9 KB20257760, KB573971, KB573970 et KB573969 pour MiContact Center Business et KB20254739 pour Mitel CX.",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2025-67823",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-67823"
        }
      ],
      "initial_release_date": "2025-12-11T00:00:00",
      "last_revision_date": "2026-01-06T00:00:00",
      "links": [],
      "reference": "CERTFR-2025-AVI-1097",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2025-12-11T00:00:00.000000"
        },
        {
          "description": "Ajout de l\u0027identifiant CVE-2025-67823. L\u0027avis \u00e9diteur concerne une seule vuln\u00e9rabilit\u00e9.",
          "revision_date": "2026-01-06T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "Injection de code indirecte \u00e0 distance (XSS)"
        }
      ],
      "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans les produits Mitel. Elle permet \u00e0 un attaquant de provoquer une injection de code indirecte \u00e0 distance (XSS).",
      "title": "Vuln\u00e9rabilit\u00e9 dans les produits Mitel",
      "vendor_advisories": [
        {
          "published_at": "2025-12-09",
          "title": "Bulletin de s\u00e9curit\u00e9 Mitel MISA-2025-0010",
          "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-misa-2025-0010"
        }
      ]
    }

    CERTFR-2025-AVI-0618

    Vulnerability from certfr_avis - Published: 2025-07-24 - Updated: 2026-01-28

    De multiples vulnérabilités ont été découvertes dans les produits Mitel. Elles permettent à un attaquant de provoquer une injection SQL (SQLi) et un contournement de la politique de sécurité.

    Solutions

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    Les correctifs pour MiVoice MX-ONE version 7.3 et postérieures sont disponibles à la discrétion de Mitel.

    Impacted products
    Vendor Product Description
    Mitel MiCollab MiCollab versions antérieures à 9.8 SP3 FP1 (9.8.3.103)
    Mitel MiVoice MX-ONE MiVoice MX-ONE versions 7.8 sans le correctif MXO-15711_78SP0
    Mitel MiVoice MX-ONE MiVoice MX-ONE versions 7.8 SP1 sans le correctif MXO-15711_78SP1
    Mitel MiCollab MiCollab versions 10.x antérieures à 10.1 (10.1.0.10)
    References
    Bulletin de sécurité Mitel 2025-0008 2025-07-23 vendor-advisory
    Bulletin de sécurité Mitel 2025-0009 2025-07-23 vendor-advisory

    Show details on source website

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "MiCollab versions ant\u00e9rieures \u00e0 9.8 SP3 FP1 (9.8.3.103)",
          "product": {
            "name": "MiCollab",
            "vendor": {
              "name": "Mitel",
              "scada": false
            }
          }
        },
        {
          "description": "MiVoice MX-ONE versions 7.8 sans le correctif MXO-15711_78SP0",
          "product": {
            "name": "MiVoice MX-ONE",
            "vendor": {
              "name": "Mitel",
              "scada": false
            }
          }
        },
        {
          "description": "MiVoice MX-ONE versions 7.8 SP1 sans le correctif MXO-15711_78SP1",
          "product": {
            "name": "MiVoice MX-ONE",
            "vendor": {
              "name": "Mitel",
              "scada": false
            }
          }
        },
        {
          "description": "MiCollab versions 10.x ant\u00e9rieures \u00e0 10.1 (10.1.0.10)",
          "product": {
            "name": "MiCollab",
            "vendor": {
              "name": "Mitel",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "Les correctifs pour MiVoice MX-ONE version 7.3 et post\u00e9rieures sont disponibles \u00e0 la discr\u00e9tion de Mitel.",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2025-52914",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-52914"
        },
        {
          "name": "CVE-2025-67822",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-67822"
        }
      ],
      "initial_release_date": "2025-07-24T00:00:00",
      "last_revision_date": "2026-01-28T00:00:00",
      "links": [],
      "reference": "CERTFR-2025-AVI-0618",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2025-07-24T00:00:00.000000"
        },
        {
          "description": "Ajout R\u00e9f\u00e9rence CVE CVE-2025-67822",
          "revision_date": "2026-01-28T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "Injection SQL (SQLi)"
        },
        {
          "description": "Contournement de la politique de s\u00e9curit\u00e9"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Mitel. Elles permettent \u00e0 un attaquant de provoquer une injection SQL (SQLi) et un contournement de la politique de s\u00e9curit\u00e9.",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Mitel",
      "vendor_advisories": [
        {
          "published_at": "2025-07-23",
          "title": "Bulletin de s\u00e9curit\u00e9 Mitel 2025-0008",
          "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-misa-2025-0008"
        },
        {
          "published_at": "2025-07-23",
          "title": "Bulletin de s\u00e9curit\u00e9 Mitel 2025-0009",
          "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-misa-2025-0009"
        }
      ]
    }

    CERTFR-2025-AVI-0503

    Vulnerability from certfr_avis - Published: - Updated:

    Une vulnérabilité a été découverte dans les produits Mitel. Elle permet à un attaquant de provoquer une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.

    Solutions

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    Impacted products
    Vendor Product Description
    Mitel MiCollab MiCollab versions antérieures à 9.8 SP3 (9.8.3.1)
    Mitel OpenScape Accounting Management OpenScape Accounting Management versions antérieures à V5 R1.1.4
    References
    Bulletin de sécurité Mitel 2025-0007 2025-06-11 vendor-advisory
    Bulletin de sécurité Mitel 2025-0006 2025-06-11 vendor-advisory

    Show details on source website

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "MiCollab versions ant\u00e9rieures \u00e0 9.8 SP3 (9.8.3.1)",
          "product": {
            "name": "MiCollab",
            "vendor": {
              "name": "Mitel",
              "scada": false
            }
          }
        },
        {
          "description": "OpenScape Accounting Management versions ant\u00e9rieures \u00e0 V5 R1.1.4",
          "product": {
            "name": "OpenScape Accounting Management",
            "vendor": {
              "name": "Mitel",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2025-23092",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-23092"
        }
      ],
      "links": [],
      "reference": "CERTFR-2025-AVI-0503",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2025-06-12T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        }
      ],
      "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans les produits Mitel. Elle permet \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Mitel",
      "vendor_advisories": [
        {
          "published_at": "2025-06-11",
          "title": "Bulletin de s\u00e9curit\u00e9 Mitel 2025-0007",
          "url": "https://www.mitel.com/support/mitel-product-security-advisory-misa-2025-0007"
        },
        {
          "published_at": "2025-06-11",
          "title": "Bulletin de s\u00e9curit\u00e9 Mitel 2025-0006",
          "url": "https://www.mitel.com/support/mitel-product-security-advisory-misa-2025-0006"
        }
      ]
    }

    CERTFR-2025-AVI-0431

    Vulnerability from certfr_avis - Published: - Updated:

    Une vulnérabilité a été découverte dans Mitel OpenScapeXpressions. Elle permet à un attaquant de provoquer une atteinte à la confidentialité des données.

    Solutions

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    Impacted products
    Vendor Product Description
    Mitel OpenScapeXpressions OpenScapeXpressions versions V7R1 FR5 HF43 P913 antérieures à V7R1 FR5 HF43 P914 (WebApl-811FR5-20970 hotfix)
    References
    Bulletin de sécurité Mitel 2025-0005 2025-05-21 vendor-advisory

    Show details on source website

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "OpenScapeXpressions versions V7R1 FR5 HF43 P913 ant\u00e9rieures \u00e0 V7R1 FR5 HF43 P914 (WebApl-811FR5-20970 hotfix)",
          "product": {
            "name": "OpenScapeXpressions",
            "vendor": {
              "name": "Mitel",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2025-48026",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-48026"
        }
      ],
      "links": [],
      "reference": "CERTFR-2025-AVI-0431",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2025-05-21T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        }
      ],
      "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Mitel OpenScapeXpressions. Elle permet \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
      "title": "Vuln\u00e9rabilit\u00e9 dans Mitel OpenScapeXpressions",
      "vendor_advisories": [
        {
          "published_at": "2025-05-21",
          "title": "Bulletin de s\u00e9curit\u00e9 Mitel 2025-0005",
          "url": "https://www.mitel.com/support/mitel-product-security-advisory-misa-2025-0005"
        }
      ]
    }

    CERTFR-2025-AVI-0388

    Vulnerability from certfr_avis - Published: - Updated:

    De multiples vulnérabilités ont été découvertes dans les produits Mitel. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et un contournement de la politique de sécurité.

    Solutions

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    Impacted products
    Vendor Product Description
    Mitel téléphones SIP séries 6900 téléphones SIP séries 6900 versions antérieures à R6.4.0.SP5
    Mitel 6970 Conference Unit 6970 Conference Unit versions antérieures à R6.4.0.SP5
    Mitel téléphones SIP séries 6900w téléphones SIP séries 6900w versions antérieures à R6.4.0.SP5
    Mitel téléphones SIP séries 6800 téléphones SIP séries 6800 versions antérieures à R6.4.0.SP5
    References
    Bulletin de sécurité Mitel 2025-0004 2025-05-06 vendor-advisory

    Show details on source website

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "t\u00e9l\u00e9phones SIP s\u00e9ries 6900 versions ant\u00e9rieures \u00e0 R6.4.0.SP5",
          "product": {
            "name": "t\u00e9l\u00e9phones SIP s\u00e9ries 6900",
            "vendor": {
              "name": "Mitel",
              "scada": false
            }
          }
        },
        {
          "description": "6970 Conference Unit versions ant\u00e9rieures \u00e0 R6.4.0.SP5",
          "product": {
            "name": "6970 Conference Unit",
            "vendor": {
              "name": "Mitel",
              "scada": false
            }
          }
        },
        {
          "description": "t\u00e9l\u00e9phones SIP s\u00e9ries 6900w versions ant\u00e9rieures \u00e0 R6.4.0.SP5",
          "product": {
            "name": "t\u00e9l\u00e9phones SIP s\u00e9ries 6900w",
            "vendor": {
              "name": "Mitel",
              "scada": false
            }
          }
        },
        {
          "description": "t\u00e9l\u00e9phones SIP s\u00e9ries 6800 versions ant\u00e9rieures \u00e0 R6.4.0.SP5",
          "product": {
            "name": "t\u00e9l\u00e9phones SIP s\u00e9ries 6800",
            "vendor": {
              "name": "Mitel",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2025-47187",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-47187"
        },
        {
          "name": "CVE-2025-47188",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-47188"
        }
      ],
      "links": [],
      "reference": "CERTFR-2025-AVI-0388",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2025-05-12T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
        },
        {
          "description": "Contournement de la politique de s\u00e9curit\u00e9"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Mitel. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Mitel",
      "vendor_advisories": [
        {
          "published_at": "2025-05-06",
          "title": "Bulletin de s\u00e9curit\u00e9 Mitel 2025-0004",
          "url": "https://www.mitel.com/support/mitel-product-security-advisory-misa-2025-0004"
        }
      ]
    }

    CERTFR-2025-AVI-0246

    Vulnerability from certfr_avis - Published: - Updated:

    Une vulnérabilité a été découverte dans Mitel MiContact Center Business. Elle permet à un attaquant de provoquer une injection de code indirecte à distance (XSS).

    Solutions

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    Impacted products
    Vendor Product Description
    Mitel MiContact Center Business MiContact Center Business versions 10.1.0.x antérieures à 10.1.0.5 sans le correctif de sécurité KB571322
    Mitel MiContact Center Business MiContact Center Business versions 10.0.0.x antérieures à 10.0.0.4 sans le correctif de sécurité KB571372
    Mitel MiContact Center Business MiContact Center Business versions 10.2.0.x antérieures à 10.20.5
    Mitel MiContact Center Business MiContact Center Business versions antérieures à 9.5.0.3 sans le correctif de sécurité KB571320
    References
    Bulletin de sécurité Mitel MISA-2025-0003 2025-03-26 vendor-advisory

    Show details on source website

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "MiContact Center Business versions 10.1.0.x ant\u00e9rieures \u00e0 10.1.0.5 sans le correctif de s\u00e9curit\u00e9 KB571322",
          "product": {
            "name": "MiContact Center Business",
            "vendor": {
              "name": "Mitel",
              "scada": false
            }
          }
        },
        {
          "description": "MiContact Center Business versions 10.0.0.x ant\u00e9rieures \u00e0 10.0.0.4 sans le correctif de s\u00e9curit\u00e9 KB571372",
          "product": {
            "name": "MiContact Center Business",
            "vendor": {
              "name": "Mitel",
              "scada": false
            }
          }
        },
        {
          "description": "MiContact Center Business versions 10.2.0.x ant\u00e9rieures \u00e0 10.20.5",
          "product": {
            "name": "MiContact Center Business",
            "vendor": {
              "name": "Mitel",
              "scada": false
            }
          }
        },
        {
          "description": "MiContact Center Business versions ant\u00e9rieures \u00e0 9.5.0.3 sans le correctif de s\u00e9curit\u00e9 KB571320",
          "product": {
            "name": "MiContact Center Business",
            "vendor": {
              "name": "Mitel",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2025-23092",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-23092"
        }
      ],
      "links": [],
      "reference": "CERTFR-2025-AVI-0246",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2025-03-27T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "Injection de code indirecte \u00e0 distance (XSS)"
        }
      ],
      "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Mitel MiContact Center Business.  Elle permet \u00e0 un attaquant de provoquer une injection de code indirecte \u00e0 distance (XSS).",
      "title": "Vuln\u00e9rabilit\u00e9 dans Mitel MiContact Center Business",
      "vendor_advisories": [
        {
          "published_at": "2025-03-26",
          "title": "Bulletin de s\u00e9curit\u00e9 Mitel MISA-2025-0003",
          "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-misa-2025-0003"
        }
      ]
    }

    CERTFR-2025-AVI-0065

    Vulnerability from certfr_avis - Published: - Updated:

    De multiples vulnérabilités ont été découvertes dans les produits Mitel. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, une élévation de privilèges et une atteinte à la confidentialité des données.

    Solutions

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    Impacted products
    Vendor Product Description
    Mitel MiContact Center Business MiContact Center Business versions 10.2.0.x antérieures à 10.2.0.3 (KB20256817)
    Mitel OpenScape 4000 OpenScape 4000 versions V11 R0.22.x antérieures à V11 R0.22.2
    Mitel MiContact Center Business MiContact Center Business versions 10.1.0.x antérieures à 10.1.0.5 (KB570775)
    Mitel MiContact Center Business MiContact Center Business versions antérieures à 10.0.0.4 (KB569707)
    Mitel OpenScape 4000 OpenScape 4000 versions V10 R1.54.x antérieures à V10 R1.54.2
    Mitel OpenScape 4000 Manager OpenScape 4000 versions antérieures à V10 R1.42.7
    Mitel OpenScape 4000 OpenScape 4000 versions antérieures à V10 R1.42.7
    Mitel OpenScape 4000 Manager OpenScape 4000 versions V10 R1.54.x antérieures à V10 R1.54.2
    Mitel OpenScape 4000 Manager OpenScape 4000 versions V11 R0.22.x antérieures à V11 R0.22.2
    References
    Bulletin de sécurité Mitel 2025-0002 2025-01-22 vendor-advisory
    Bulletin de sécurité Mitel 2025-0001 2025-01-22 vendor-advisory

    Show details on source website

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "MiContact Center Business versions 10.2.0.x ant\u00e9rieures \u00e0 10.2.0.3 (KB20256817)",
          "product": {
            "name": "MiContact Center Business",
            "vendor": {
              "name": "Mitel",
              "scada": false
            }
          }
        },
        {
          "description": "OpenScape 4000 versions V11 R0.22.x ant\u00e9rieures \u00e0 V11 R0.22.2",
          "product": {
            "name": "OpenScape 4000",
            "vendor": {
              "name": "Mitel",
              "scada": false
            }
          }
        },
        {
          "description": "MiContact Center Business versions 10.1.0.x ant\u00e9rieures \u00e0 10.1.0.5 (KB570775)",
          "product": {
            "name": "MiContact Center Business",
            "vendor": {
              "name": "Mitel",
              "scada": false
            }
          }
        },
        {
          "description": "MiContact Center Business versions ant\u00e9rieures \u00e0 10.0.0.4 (KB569707)",
          "product": {
            "name": "MiContact Center Business",
            "vendor": {
              "name": "Mitel",
              "scada": false
            }
          }
        },
        {
          "description": "OpenScape 4000 versions V10 R1.54.x ant\u00e9rieures \u00e0 V10 R1.54.2",
          "product": {
            "name": "OpenScape 4000",
            "vendor": {
              "name": "Mitel",
              "scada": false
            }
          }
        },
        {
          "description": "OpenScape 4000 versions ant\u00e9rieures \u00e0 V10 R1.42.7",
          "product": {
            "name": "OpenScape 4000 Manager",
            "vendor": {
              "name": "Mitel",
              "scada": false
            }
          }
        },
        {
          "description": "OpenScape 4000 versions ant\u00e9rieures \u00e0 V10 R1.42.7",
          "product": {
            "name": "OpenScape 4000",
            "vendor": {
              "name": "Mitel",
              "scada": false
            }
          }
        },
        {
          "description": "OpenScape 4000 versions V10 R1.54.x ant\u00e9rieures \u00e0 V10 R1.54.2",
          "product": {
            "name": "OpenScape 4000 Manager",
            "vendor": {
              "name": "Mitel",
              "scada": false
            }
          }
        },
        {
          "description": "OpenScape 4000 versions V11 R0.22.x ant\u00e9rieures \u00e0 V11 R0.22.2",
          "product": {
            "name": "OpenScape 4000 Manager",
            "vendor": {
              "name": "Mitel",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2025-23093",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-23093"
        },
        {
          "name": "CVE-2025-23094",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-23094"
        }
      ],
      "links": [],
      "reference": "CERTFR-2025-AVI-0065",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2025-01-23T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "Ex\u00e9cution de code arbitraire"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        },
        {
          "description": "\u00c9l\u00e9vation de privil\u00e8ges"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Mitel. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire, une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Mitel",
      "vendor_advisories": [
        {
          "published_at": "2025-01-22",
          "title": "Bulletin de s\u00e9curit\u00e9 Mitel 2025-0002",
          "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-misa-2025-0002"
        },
        {
          "published_at": "2025-01-22",
          "title": "Bulletin de s\u00e9curit\u00e9 Mitel 2025-0001",
          "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-misa-2025-0001"
        }
      ]
    }

    CVE-2025-67823 (GCVE-0-2025-67823)

    Vulnerability from nvd – Published: 2026-01-15 00:00 – Updated: 2026-01-16 15:02
    VLAI
    Summary
    A vulnerability in the Multimedia Email component of Mitel MiContact Center Business through 10.2.0.10 and Mitel CX through 1.1.0.1 could allow an unauthenticated attacker to conduct a Cross-Site Scripting (XSS) attack due to insufficient input validation. A successful exploit requires user interaction where the email channel is enabled. This could allow an attacker to execute arbitrary scripts in the victim's browser or desktop client application.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 8.2,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "NONE",
                  "scope": "CHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-67823",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-16T15:01:07.340578Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-79",
                    "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-16T15:02:06.780Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the Multimedia Email component of Mitel MiContact Center Business through 10.2.0.10 and Mitel CX through 1.1.0.1 could allow an unauthenticated attacker to conduct a Cross-Site Scripting (XSS) attack due to insufficient input validation. A successful exploit requires user interaction where the email channel is enabled. This could allow an attacker to execute arbitrary scripts in the victim\u0027s browser or desktop client application."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-15T21:17:56.511Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://www.mitel.com/support/security-advisories"
            },
            {
              "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-misa-2025-0010"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2025-67823",
        "datePublished": "2026-01-15T00:00:00.000Z",
        "dateReserved": "2025-12-12T00:00:00.000Z",
        "dateUpdated": "2026-01-16T15:02:06.780Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-67822 (GCVE-0-2025-67822)

    Vulnerability from nvd – Published: 2026-01-15 00:00 – Updated: 2026-01-16 14:59
    VLAI
    Summary
    A vulnerability in the Provisioning Manager component of Mitel MiVoice MX-ONE 7.3 (7.3.0.0.50) through 7.8 SP1 (7.8.1.0.14) could allow an unauthenticated attacker to conduct an authentication bypass attack due to improper authentication mechanisms. A successful exploit could allow an attacker to gain unauthorized access to user or admin accounts in the system.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-287 - Improper Authentication
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.4,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-67822",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-16T14:55:43.213583Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-287",
                    "description": "CWE-287 Improper Authentication",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-16T14:59:20.630Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the Provisioning Manager component of Mitel MiVoice MX-ONE 7.3 (7.3.0.0.50) through 7.8 SP1 (7.8.1.0.14) could allow an unauthenticated attacker to conduct an authentication bypass attack due to improper authentication mechanisms. A successful exploit could allow an attacker to gain unauthorized access to user or admin accounts in the system."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-15T21:30:04.740Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://www.mitel.com/support/security-advisories"
            },
            {
              "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-misa-2025-0009"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2025-67822",
        "datePublished": "2026-01-15T00:00:00.000Z",
        "dateReserved": "2025-12-12T00:00:00.000Z",
        "dateUpdated": "2026-01-16T14:59:20.630Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-52914 (GCVE-0-2025-52914)

    Vulnerability from nvd – Published: 2025-08-08 00:00 – Updated: 2025-08-08 17:55
    VLAI
    Summary
    A vulnerability in the Suite Applications Services component of Mitel MiCollab 10.0 through SP1 FP1 (10.0.1.101) could allow an authenticated attacker to conduct a SQL Injection attack due to insufficient validation of user input. A successful exploit could allow an attacker to execute arbitrary SQL database commands.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-52914",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-08T17:50:09.458287Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-89",
                    "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-08T17:55:00.637Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the Suite Applications Services component of Mitel MiCollab 10.0 through SP1 FP1 (10.0.1.101) could allow an authenticated attacker to conduct a SQL Injection attack due to insufficient validation of user input. A successful exploit could allow an attacker to execute arbitrary SQL database commands."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-08T17:31:56.565Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://www.mitel.com/support/security-advisories"
            },
            {
              "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-misa-2025-0008"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2025-52914",
        "datePublished": "2025-08-08T00:00:00.000Z",
        "dateReserved": "2025-06-21T00:00:00.000Z",
        "dateUpdated": "2025-08-08T17:55:00.637Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-55550 (GCVE-0-2024-55550)

    Vulnerability from nvd – Published: 2024-12-10 00:00 – Updated: 2025-10-21 22:55
    VLAI CISA KEVIntel
    Summary
    Mitel MiCollab through 9.8 SP2 could allow an authenticated attacker with administrative privilege to conduct a local file read, due to insufficient input sanitization. A successful exploit could allow the authenticated admin attacker to access resources that are constrained to the admin access level, and the disclosure is limited to non-sensitive system information. This vulnerability does not allow file modification or privilege escalation.
    SSVC
    Exploitation: active Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "NONE",
                  "baseScore": 4.4,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "HIGH",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-55550",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-11T04:55:17.443947Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2025-01-07",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-55550"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-22",
                    "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T22:55:34.692Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-55550"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2025-01-07T00:00:00.000Z",
                "value": "CVE-2024-55550 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Mitel MiCollab through 9.8 SP2 could allow an authenticated attacker with administrative privilege to conduct a local file read, due to insufficient input sanitization. A successful exploit could allow the authenticated admin attacker to access resources that are constrained to the admin access level, and the disclosure is limited to non-sensitive system information. This vulnerability does not allow file modification or privilege escalation."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-12-10T18:14:31.870Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://www.mitel.com/support/security-advisories"
            },
            {
              "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-misa-2024-0029"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2024-55550",
        "datePublished": "2024-12-10T00:00:00.000Z",
        "dateReserved": "2024-12-08T00:00:00.000Z",
        "dateUpdated": "2025-10-21T22:55:34.692Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-47224 (GCVE-0-2024-47224)

    Vulnerability from nvd – Published: 2024-10-21 00:00 – Updated: 2024-11-05 21:05
    VLAI
    Summary
    A vulnerability in the AWV (Audio, Web and Video Conferencing) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to conduct a CRLF injection attack due to inadequate encoding of user input in URLs. A successful exploit could allow an attacker to perform a phishing attack.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-116 - Improper Encoding or Escaping of Output
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 6.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-47224",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-22T17:11:52.099763Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-116",
                    "description": "CWE-116 Improper Encoding or Escaping of Output",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-05T21:05:47.109Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the AWV (Audio, Web and Video Conferencing) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to conduct a CRLF injection attack due to inadequate encoding of user input in URLs. A successful exploit could allow an attacker to perform a phishing attack."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-21T20:09:33.221Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-misa-2024-0025"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2024-47224",
        "datePublished": "2024-10-21T00:00:00.000Z",
        "dateReserved": "2024-09-22T00:00:00.000Z",
        "dateUpdated": "2024-11-05T21:05:47.109Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-41714 (GCVE-0-2024-41714)

    Vulnerability from nvd – Published: 2024-10-21 00:00 – Updated: 2024-10-22 14:03
    VLAI
    Summary
    A vulnerability in the Web Interface component of Mitel MiCollab through 9.8 SP1 (9.8.1.5) and MiVoice Business Solution Virtual Instance (MiVB SVI) through 1.0.0.27 could allow an authenticated attacker to conduct a command injection attack, due to insufficient parameter sanitization. A successful exploit could allow an attacker to execute arbitrary commands with elevated privileges within the context of the system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-94 - Improper Control of Generation of Code ('Code Injection')
    Assigner
    Impacted products
    Vendor Product Version
    mitel micollab Affected: 0 , ≤ 9.8-SP1-\/9.8.1.5\/ (custom)
        cpe:2.3:a:mitel:micollab:-:*:*:*:*:-:*:*
    Create a notification for this product.
    mitel mivoice_business_solutions_virtual_instance Affected: 0 , ≤ 1.0.0.27 (custom)
        cpe:2.3:a:mitel:mivoice_business_solutions_virtual_instance:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:mitel:micollab:-:*:*:*:*:-:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "micollab",
                "vendor": "mitel",
                "versions": [
                  {
                    "lessThanOrEqual": "9.8-SP1-\\/9.8.1.5\\/",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:mitel:mivoice_business_solutions_virtual_instance:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mivoice_business_solutions_virtual_instance",
                "vendor": "mitel",
                "versions": [
                  {
                    "lessThanOrEqual": "1.0.0.27",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-41714",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-22T14:00:32.207511Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-94",
                    "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-22T14:03:51.621Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the Web Interface component of Mitel MiCollab through 9.8 SP1 (9.8.1.5) and MiVoice Business Solution Virtual Instance (MiVB SVI) through 1.0.0.27 could allow an authenticated attacker to conduct a command injection attack, due to insufficient parameter sanitization. A successful exploit could allow an attacker to execute arbitrary commands with elevated privileges within the context of the system."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-21T20:11:58.779Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0021"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2024-41714",
        "datePublished": "2024-10-21T00:00:00.000Z",
        "dateReserved": "2024-07-22T00:00:00.000Z",
        "dateUpdated": "2024-10-22T14:03:51.621Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-41713 (GCVE-0-2024-41713)

    Vulnerability from nvd – Published: 2024-10-21 00:00 – Updated: 2025-10-21 22:55
    VLAI CISA Shadowserver KEVIntel
    Summary
    A vulnerability in the NuPoint Unified Messaging (NPM) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to conduct a path traversal attack, due to insufficient input validation. A successful exploit could allow unauthorized access, enabling the attacker to view, corrupt, or delete users' data and system configurations.
    SSVC
    Exploitation: active Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    Impacted products
    Vendor Product Version
    mitel micollab Affected: 0 , ≤ 9.8.1.201 (custom)
        cpe:2.3:a:mitel:micollab:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:mitel:micollab:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "micollab",
                "vendor": "mitel",
                "versions": [
                  {
                    "lessThanOrEqual": "9.8.1.201",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 9.1,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-41713",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-11T04:55:15.981762Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2025-01-07",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-41713"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-22",
                    "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T22:55:42.233Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-41713"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2025-01-07T00:00:00.000Z",
                "value": "CVE-2024-41713 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the NuPoint Unified Messaging (NPM) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to conduct a path traversal attack, due to insufficient input validation. A successful exploit could allow unauthorized access, enabling the attacker to view, corrupt, or delete users\u0027 data and system configurations."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-21T20:52:04.542Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-misa-2024-0029"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2024-41713",
        "datePublished": "2024-10-21T00:00:00.000Z",
        "dateReserved": "2024-07-22T00:00:00.000Z",
        "dateUpdated": "2025-10-21T22:55:42.233Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-41712 (GCVE-0-2024-41712)

    Vulnerability from nvd – Published: 2024-10-21 00:00 – Updated: 2024-10-23 20:25
    VLAI
    Summary
    A vulnerability in the Web Conferencing Component of Mitel MiCollab through 9.8.1.5 could allow an authenticated attacker to conduct a command injection attack, due to insufficient validation of user input. A successful exploit could allow an attacker to execute arbitrary commands on the system within the context of the user.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-94 - Improper Control of Generation of Code ('Code Injection')
    Assigner
    Impacted products
    Vendor Product Version
    mitel micollab Affected: 0 , ≤ 9.8.1.5 (custom)
        cpe:2.3:a:mitel:micollab:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:mitel:micollab:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "micollab",
                "vendor": "mitel",
                "versions": [
                  {
                    "lessThanOrEqual": "9.8.1.5",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "LOW",
                  "baseScore": 6.6,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-41712",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-23T20:22:48.202829Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-94",
                    "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-23T20:25:05.166Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the Web Conferencing Component of Mitel MiCollab through 9.8.1.5 could allow an authenticated attacker to conduct a command injection attack, due to insufficient validation of user input. A successful exploit could allow an attacker to execute arbitrary commands on the system within the context of the user."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-21T20:14:22.692Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0022"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2024-41712",
        "datePublished": "2024-10-21T00:00:00.000Z",
        "dateReserved": "2024-07-22T00:00:00.000Z",
        "dateUpdated": "2024-10-23T20:25:05.166Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-35315 (GCVE-0-2024-35315)

    Vulnerability from nvd – Published: 2024-10-21 00:00 – Updated: 2024-10-23 20:43
    VLAI
    Summary
    A vulnerability in the Desktop Client of Mitel MiCollab through 9.7.1.110, and MiVoice Business Solution Virtual Instance (MiVB SVI) 1.0.0.25, could allow an authenticated attacker to conduct a privilege escalation attack due to improper file validation. A successful exploit could allow an attacker to run arbitrary code with elevated privileges.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-94 - Improper Control of Generation of Code ('Code Injection')
    Assigner
    Impacted products
    Vendor Product Version
    mitel micollab Affected: 0 , ≤ 9.7.1.110 (custom)
        cpe:2.3:a:mitel:micollab:-:*:*:*:*:android:*:*
    Create a notification for this product.
    mitel mivoice_business Affected: 1.0.0.25
        cpe:2.3:a:mitel:mivoice_business:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:mitel:micollab:-:*:*:*:*:android:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "micollab",
                "vendor": "mitel",
                "versions": [
                  {
                    "lessThanOrEqual": "9.7.1.110",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:mitel:mivoice_business:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mivoice_business",
                "vendor": "mitel",
                "versions": [
                  {
                    "status": "affected",
                    "version": "1.0.0.25"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "LOW",
                  "baseScore": 5.6,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "HIGH",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-35315",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-23T20:40:00.772225Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-94",
                    "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-23T20:43:02.347Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the Desktop Client of Mitel MiCollab through 9.7.1.110, and MiVoice Business Solution Virtual Instance (MiVB SVI) 1.0.0.25, could allow an authenticated attacker to conduct a privilege escalation attack due to improper file validation. A successful exploit could allow an attacker to run arbitrary code with elevated privileges."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-21T20:18:27.634Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0016"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2024-35315",
        "datePublished": "2024-10-21T00:00:00.000Z",
        "dateReserved": "2024-05-17T00:00:00.000Z",
        "dateUpdated": "2024-10-23T20:43:02.347Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-35314 (GCVE-0-2024-35314)

    Vulnerability from nvd – Published: 2024-10-21 00:00 – Updated: 2025-03-25 14:14
    VLAI
    Summary
    A vulnerability in the Desktop Client of Mitel MiCollab through 9.7.1.110, and MiVoice Business Solution Virtual Instance (MiVB SVI) 1.0.0.25, could allow an unauthenticated attacker to conduct a command injection attack due to insufficient parameter sanitization. A successful exploit requires user interaction and could allow an attacker to execute arbitrary scripts.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-94 - Improper Control of Generation of Code ('Code Injection')
    Assigner
    Impacted products
    Vendor Product Version
    mitel micollab Affected: 0 , ≤ 9.7.1.110 (custom)
        cpe:2.3:a:mitel:micollab:-:*:*:*:*:-:*:*
    Create a notification for this product.
    mitel mivoice_business_solutions_virtual_instance Affected: 0 , ≤ 1.0.0.25 (custom)
        cpe:2.3:a:mitel:mivoice_business_solutions_virtual_instance:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:mitel:micollab:-:*:*:*:*:-:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "micollab",
                "vendor": "mitel",
                "versions": [
                  {
                    "lessThanOrEqual": "9.7.1.110",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:mitel:mivoice_business_solutions_virtual_instance:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mivoice_business_solutions_virtual_instance",
                "vendor": "mitel",
                "versions": [
                  {
                    "lessThanOrEqual": "1.0.0.25",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-35314",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-22T13:47:55.274909Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-94",
                    "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-25T14:14:25.141Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the Desktop Client of Mitel MiCollab through 9.7.1.110, and MiVoice Business Solution Virtual Instance (MiVB SVI) 1.0.0.25, could allow an unauthenticated attacker to conduct a command injection attack due to insufficient parameter sanitization. A successful exploit requires user interaction and could allow an attacker to execute arbitrary scripts."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-08T17:56:14.690Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0015"
            },
            {
              "url": "https://www.mitel.com/-/media/mitel/file/pdf/support/security-advisories/security-bulletin_24-0015-001-v3.pdf"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2024-35314",
        "datePublished": "2024-10-21T00:00:00.000Z",
        "dateReserved": "2024-05-17T00:00:00.000Z",
        "dateUpdated": "2025-03-25T14:14:25.141Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-35287 (GCVE-0-2024-35287)

    Vulnerability from nvd – Published: 2024-10-21 00:00 – Updated: 2024-10-22 13:29
    VLAI
    Summary
    A vulnerability in the NuPoint Messenger (NPM) component of Mitel MiCollab through version 9.8 SP1 (9.8.1.5) could allow an authenticated attacker with administrative privilege to conduct a privilege escalation attack due to the execution of a resource with unnecessary privileges. A successful exploit could allow an attacker to execute arbitrary commands with elevated privileges.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-276 - Incorrect Default Permissions
    Assigner
    Impacted products
    Vendor Product Version
    mitel micollab Affected: 0 , ≤ 9.8-SP1-\/9.8.1.5\/ (custom)
        cpe:2.3:a:mitel:micollab:-:*:*:*:*:-:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:mitel:micollab:-:*:*:*:*:-:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "micollab",
                "vendor": "mitel",
                "versions": [
                  {
                    "lessThanOrEqual": "9.8-SP1-\\/9.8.1.5\\/",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 6.7,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "HIGH",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-35287",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-22T13:21:45.975898Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-276",
                    "description": "CWE-276 Incorrect Default Permissions",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-22T13:29:45.969Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the NuPoint Messenger (NPM) component of Mitel MiCollab through version 9.8 SP1 (9.8.1.5) could allow an authenticated attacker with administrative privilege to conduct a privilege escalation attack due to the execution of a resource with unnecessary privileges. A successful exploit could allow an attacker to execute arbitrary commands with elevated privileges."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-21T20:53:56.151Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0023"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2024-35287",
        "datePublished": "2024-10-21T00:00:00.000Z",
        "dateReserved": "2024-05-15T00:00:00.000Z",
        "dateUpdated": "2024-10-22T13:29:45.969Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-35286 (GCVE-0-2024-35286)

    Vulnerability from nvd – Published: 2024-10-21 00:00 – Updated: 2024-12-10 04:55
    VLAI
    Summary
    A vulnerability in NuPoint Messenger (NPM) of Mitel MiCollab through 9.8.0.33 allows an unauthenticated attacker to conduct a SQL injection attack due to insufficient sanitization of user input. A successful exploit could allow an attacker to access sensitive information and execute arbitrary database and management operations.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    Impacted products
    Vendor Product Version
    mitel micollab Affected: 0 , ≤ 9.8.0.33 (custom)
        cpe:2.3:a:mitel:micollab:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:mitel:micollab:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "micollab",
                "vendor": "mitel",
                "versions": [
                  {
                    "lessThanOrEqual": "9.8.0.33",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-35286",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-06T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-89",
                    "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-10T04:55:53.023Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in NuPoint Messenger (NPM) of Mitel MiCollab through 9.8.0.33 allows an unauthenticated attacker to conduct a SQL injection attack due to insufficient sanitization of user input. A successful exploit could allow an attacker to access sensitive information and execute arbitrary database and management operations."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-21T20:41:02.281Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0014"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2024-35286",
        "datePublished": "2024-10-21T00:00:00.000Z",
        "dateReserved": "2024-05-15T00:00:00.000Z",
        "dateUpdated": "2024-12-10T04:55:53.023Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-35285 (GCVE-0-2024-35285)

    Vulnerability from nvd – Published: 2024-10-21 00:00 – Updated: 2024-10-22 19:35
    VLAI
    Summary
    A vulnerability in NuPoint Messenger (NPM) of Mitel MiCollab through 9.8.0.33 allows an unauthenticated attacker to conduct a command injection attack due to insufficient parameter sanitization.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    mitel micollab_nupoint_messanger Affected: 0 , ≤ 9.8.0.33 (custom)
        cpe:2.3:a:mitel:micollab_nupoint_messanger:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:mitel:micollab_nupoint_messanger:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "micollab_nupoint_messanger",
                "vendor": "mitel",
                "versions": [
                  {
                    "lessThanOrEqual": "9.8.0.33",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-35285",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-22T14:04:39.301964Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-77",
                    "description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-22T19:35:11.811Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in NuPoint Messenger (NPM) of Mitel MiCollab through 9.8.0.33 allows an unauthenticated attacker to conduct a command injection attack due to insufficient parameter sanitization."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-21T20:16:34.911Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0013"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2024-35285",
        "datePublished": "2024-10-21T00:00:00.000Z",
        "dateReserved": "2024-05-15T00:00:00.000Z",
        "dateUpdated": "2024-10-22T19:35:11.811Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-30160 (GCVE-0-2024-30160)

    Vulnerability from nvd – Published: 2024-10-21 00:00 – Updated: 2025-03-22 14:21
    VLAI
    Summary
    A vulnerability in the Suite Applications Services component of Mitel MiCollab through 9.7.1.110 could allow an authenticated attacker with administrative privileges to conduct a Stored Cross-Site Scripting (XSS) attack due to insufficient validation of user input. A successful exploit could allow an attacker to execute arbitrary scripts.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 4.8,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "HIGH",
                  "scope": "CHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-30160",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-22T13:58:25.835482Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-79",
                    "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-22T14:21:05.626Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the Suite Applications Services component of Mitel MiCollab through 9.7.1.110 could allow an authenticated attacker with administrative privileges to conduct a Stored Cross-Site Scripting (XSS) attack due to insufficient validation of user input. A successful exploit could allow an attacker to execute arbitrary scripts."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-21T20:42:52.294Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0005"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2024-30160",
        "datePublished": "2024-10-21T00:00:00.000Z",
        "dateReserved": "2024-03-24T00:00:00.000Z",
        "dateUpdated": "2025-03-22T14:21:05.626Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-30159 (GCVE-0-2024-30159)

    Vulnerability from nvd – Published: 2024-10-21 00:00 – Updated: 2025-03-22 14:45
    VLAI
    Summary
    A vulnerability in the web conferencing component of Mitel MiCollab through 9.7.1.110 could allow an authenticated attacker with administrative privileges to conduct a Stored Cross-Site Scripting (XSS) attack due to insufficient validation of user input. A successful exploit could allow an attacker to execute arbitrary scripts.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 4.8,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "HIGH",
                  "scope": "CHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-30159",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-22T13:59:11.032349Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-79",
                    "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-22T14:45:55.462Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the web conferencing component of Mitel MiCollab through 9.7.1.110 could allow an authenticated attacker with administrative privileges to conduct a Stored Cross-Site Scripting (XSS) attack due to insufficient validation of user input. A successful exploit could allow an attacker to execute arbitrary scripts."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-21T20:46:54.192Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0005"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2024-30159",
        "datePublished": "2024-10-21T00:00:00.000Z",
        "dateReserved": "2024-03-24T00:00:00.000Z",
        "dateUpdated": "2025-03-22T14:45:55.462Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-67822 (GCVE-0-2025-67822)

    Vulnerability from cvelistv5 – Published: 2026-01-15 00:00 – Updated: 2026-01-16 14:59
    VLAI
    Summary
    A vulnerability in the Provisioning Manager component of Mitel MiVoice MX-ONE 7.3 (7.3.0.0.50) through 7.8 SP1 (7.8.1.0.14) could allow an unauthenticated attacker to conduct an authentication bypass attack due to improper authentication mechanisms. A successful exploit could allow an attacker to gain unauthorized access to user or admin accounts in the system.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-287 - Improper Authentication
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.4,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-67822",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-16T14:55:43.213583Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-287",
                    "description": "CWE-287 Improper Authentication",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-16T14:59:20.630Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the Provisioning Manager component of Mitel MiVoice MX-ONE 7.3 (7.3.0.0.50) through 7.8 SP1 (7.8.1.0.14) could allow an unauthenticated attacker to conduct an authentication bypass attack due to improper authentication mechanisms. A successful exploit could allow an attacker to gain unauthorized access to user or admin accounts in the system."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-15T21:30:04.740Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://www.mitel.com/support/security-advisories"
            },
            {
              "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-misa-2025-0009"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2025-67822",
        "datePublished": "2026-01-15T00:00:00.000Z",
        "dateReserved": "2025-12-12T00:00:00.000Z",
        "dateUpdated": "2026-01-16T14:59:20.630Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-67823 (GCVE-0-2025-67823)

    Vulnerability from cvelistv5 – Published: 2026-01-15 00:00 – Updated: 2026-01-16 15:02
    VLAI
    Summary
    A vulnerability in the Multimedia Email component of Mitel MiContact Center Business through 10.2.0.10 and Mitel CX through 1.1.0.1 could allow an unauthenticated attacker to conduct a Cross-Site Scripting (XSS) attack due to insufficient input validation. A successful exploit requires user interaction where the email channel is enabled. This could allow an attacker to execute arbitrary scripts in the victim's browser or desktop client application.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 8.2,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "NONE",
                  "scope": "CHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-67823",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-16T15:01:07.340578Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-79",
                    "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-16T15:02:06.780Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the Multimedia Email component of Mitel MiContact Center Business through 10.2.0.10 and Mitel CX through 1.1.0.1 could allow an unauthenticated attacker to conduct a Cross-Site Scripting (XSS) attack due to insufficient input validation. A successful exploit requires user interaction where the email channel is enabled. This could allow an attacker to execute arbitrary scripts in the victim\u0027s browser or desktop client application."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-15T21:17:56.511Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://www.mitel.com/support/security-advisories"
            },
            {
              "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-misa-2025-0010"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2025-67823",
        "datePublished": "2026-01-15T00:00:00.000Z",
        "dateReserved": "2025-12-12T00:00:00.000Z",
        "dateUpdated": "2026-01-16T15:02:06.780Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-52914 (GCVE-0-2025-52914)

    Vulnerability from cvelistv5 – Published: 2025-08-08 00:00 – Updated: 2025-08-08 17:55
    VLAI
    Summary
    A vulnerability in the Suite Applications Services component of Mitel MiCollab 10.0 through SP1 FP1 (10.0.1.101) could allow an authenticated attacker to conduct a SQL Injection attack due to insufficient validation of user input. A successful exploit could allow an attacker to execute arbitrary SQL database commands.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-52914",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-08T17:50:09.458287Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-89",
                    "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-08T17:55:00.637Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the Suite Applications Services component of Mitel MiCollab 10.0 through SP1 FP1 (10.0.1.101) could allow an authenticated attacker to conduct a SQL Injection attack due to insufficient validation of user input. A successful exploit could allow an attacker to execute arbitrary SQL database commands."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-08T17:31:56.565Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://www.mitel.com/support/security-advisories"
            },
            {
              "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-misa-2025-0008"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2025-52914",
        "datePublished": "2025-08-08T00:00:00.000Z",
        "dateReserved": "2025-06-21T00:00:00.000Z",
        "dateUpdated": "2025-08-08T17:55:00.637Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-55550 (GCVE-0-2024-55550)

    Vulnerability from cvelistv5 – Published: 2024-12-10 00:00 – Updated: 2025-10-21 22:55
    VLAI CISA KEVIntel
    Summary
    Mitel MiCollab through 9.8 SP2 could allow an authenticated attacker with administrative privilege to conduct a local file read, due to insufficient input sanitization. A successful exploit could allow the authenticated admin attacker to access resources that are constrained to the admin access level, and the disclosure is limited to non-sensitive system information. This vulnerability does not allow file modification or privilege escalation.
    SSVC
    Exploitation: active Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "NONE",
                  "baseScore": 4.4,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "HIGH",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-55550",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-11T04:55:17.443947Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2025-01-07",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-55550"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-22",
                    "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T22:55:34.692Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-55550"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2025-01-07T00:00:00.000Z",
                "value": "CVE-2024-55550 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Mitel MiCollab through 9.8 SP2 could allow an authenticated attacker with administrative privilege to conduct a local file read, due to insufficient input sanitization. A successful exploit could allow the authenticated admin attacker to access resources that are constrained to the admin access level, and the disclosure is limited to non-sensitive system information. This vulnerability does not allow file modification or privilege escalation."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-12-10T18:14:31.870Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://www.mitel.com/support/security-advisories"
            },
            {
              "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-misa-2024-0029"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2024-55550",
        "datePublished": "2024-12-10T00:00:00.000Z",
        "dateReserved": "2024-12-08T00:00:00.000Z",
        "dateUpdated": "2025-10-21T22:55:34.692Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }