Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:mitel:micollab:7.0:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2022-41326 |
The web conferencing component of Mitel MiCollab through 9.6.0.13 could allow an unauthenticated attacker to upload arbitrary scripts due to improper authorization controls. A successful exploit could allow remote code execution within the context of the application. Published: November 21, 2022; 8:15:33 PM -0500 |
V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2022-36454 |
A vulnerability in the MiCollab Client API of Mitel MiCollab through 9.5.0.101 could allow an authenticated attacker to modify their profile parameters due to improper authorization controls. A successful exploit could allow the authenticated attacker to impersonate another user's name. Published: October 25, 2022; 2:15:09 PM -0400 |
V3.1: 6.5 MEDIUM V2.0:(not available) |
CVE-2022-36451 |
A vulnerability in the MiCollab Client server component of Mitel MiCollab through 9.5.0.101 could allow an authenticated attacker to conduct a Server-Side Request Forgery (SSRF) attack due to insufficient restriction of URL parameters. A successful exploit could allow an attacker to leverage connections and permissions available to the host server. Published: October 25, 2022; 2:15:09 PM -0400 |
V3.1: 8.8 HIGH V2.0:(not available) |
CVE-2014-0160 |
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug. Published: April 07, 2014; 6:55:03 PM -0400 |
V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |