Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Mitel Subscribe
Filtered by product Micollab Audio\, Web \& Video Conferencing
Total 6 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-11797 1 Mitel 1 Micollab Audio\, Web \& Video Conferencing 2021-07-21 5.0 MEDIUM 7.5 HIGH
An Authentication Bypass vulnerability in the Published Area of the web conferencing component of Mitel MiCollab AWV before 8.1.2.4 and 9.x before 9.1.3 could allow an unauthenticated attacker to gain access to unauthorized information due to insufficient access validation. A successful exploit could allow an attacker to access sensitive shared files.
CVE-2019-12165 1 Mitel 2 Micollab, Micollab Audio\, Web \& Video Conferencing 2021-04-20 10.0 HIGH 9.8 CRITICAL
MiCollab 7.3 PR2 (7.3.0.204) and earlier, 7.2 (7.2.2.13) and earlier, and 7.1 (7.1.0.57) and earlier and MiCollab AWV 6.3 (6.3.0.103), 6.2 (6.2.2.8), 6.1 (6.1.0.28), 6.0 (6.0.0.61), and 5.0 (5.0.5.7) have a Command Execution Vulnerability. Successful exploit of this vulnerability could allow an attacker to execute arbitrary system commands.
CVE-2020-11798 1 Mitel 1 Micollab Audio\, Web \& Video Conferencing 2020-06-17 5.0 MEDIUM 5.3 MEDIUM
A Directory Traversal vulnerability in the web conference component of Mitel MiCollab AWV before 8.1.2.4 and 9.x before 9.1.3 could allow an attacker to access arbitrary files from restricted directories of the server via a crafted URL, due to insufficient access validation. A successful exploit could allow an attacker to access sensitive information from the restricted directories.
CVE-2019-19607 1 Mitel 1 Micollab Audio\, Web \& Video Conferencing 2020-03-04 7.5 HIGH 9.8 CRITICAL
A SQL injection vulnerability in the web conferencing component of Mitel MiCollab AWV before 8.1.2.2 could allow an unauthenticated attack due to insufficient input validation for the session parameter. A successful exploit could allow an attacker to extract sensitive information from the database and execute arbitrary scripts.
CVE-2019-19371 1 Mitel 1 Micollab Audio\, Web \& Video Conferencing 2020-03-04 4.3 MEDIUM 6.1 MEDIUM
A cross-site scripting (XSS) vulnerability in the web conferencing component of Mitel MiCollab AWV before 8.1.2.2 could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation in the join meeting interface. A successful exploit could allow an attacker to execute arbitrary scripts.
CVE-2019-19608 1 Mitel 1 Micollab Audio\, Web \& Video Conferencing 2020-03-04 7.5 HIGH 9.8 CRITICAL
A SQL injection vulnerability in in the web conferencing component of Mitel MiCollab AWV before 8.1.2.2 could allow an unauthenticated attack due to insufficient input validation for the registeredList.cgi page. A successful exploit could allow an attacker to extract sensitive information from the database and execute arbitrary scripts.