This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Mitel First view 2014-04-07
Product Micollab Last view 2023-04-14
Version Type
Update  
Edition  
Language  
Sofware Edition  
Target Software  
Target Hardware  
Other  

Activity : Overall

COMMON PLATFORM ENUMERATION: Repartition per Version

CPE Name Affected CVE
cpe:2.3:a:mitel:micollab:6.0:*:*:*:*:*:*:* 29
cpe:2.3:a:mitel:micollab:7.0:*:*:*:*:*:*:* 29
cpe:2.3:a:mitel:micollab:7.1:*:*:*:*:*:*:* 29
cpe:2.3:a:mitel:micollab:7.2:*:*:*:*:*:*:* 29
cpe:2.3:a:mitel:micollab:7.3:*:*:*:*:-:*:* 29
cpe:2.3:a:mitel:micollab:7.3.0.104:*:*:*:*:*:*:* 29
cpe:2.3:a:mitel:micollab:-:*:*:*:*:*:*:* 29
cpe:2.3:a:mitel:micollab:*:*:*:*:*:android:*:* 28
cpe:2.3:a:mitel:micollab:*:*:*:*:*:-:*:* 28
cpe:2.3:a:mitel:micollab:*:*:*:*:*:iphone_os:*:* 28
cpe:2.3:a:mitel:micollab:9.2:-:*:*:*:-:*:* 16
cpe:2.3:a:mitel:micollab:9.2:fp1:*:*:*:-:*:* 16
cpe:2.3:a:mitel:micollab:9.4:-:*:*:*:-:*:* 7
cpe:2.3:a:mitel:micollab:9.4:sp1:*:*:*:-:*:* 7

Related : CVE

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
5.9 2023-04-14 CVE-2023-25597

A vulnerability in the web conferencing component of Mitel MiCollab through 9.6.2.9 could allow an unauthenticated attacker to download a shared file via a crafted request - including the exact path and filename - due to improper authentication control. A successful exploit could allow access to sensitive information.
9.8 2022-11-22 CVE-2022-41326

The web conferencing component of Mitel MiCollab through 9.6.0.13 could allow an unauthenticated attacker to upload arbitrary scripts due to improper authorization controls. A successful exploit could allow remote code execution within the context of the application.
6.5 2022-10-25 CVE-2022-36454

A vulnerability in the MiCollab Client API of Mitel MiCollab through 9.5.0.101 could allow an authenticated attacker to modify their profile parameters due to improper authorization controls. A successful exploit could allow the authenticated attacker to impersonate another user's name.
8.8 2022-10-25 CVE-2022-36453

A vulnerability in the MiCollab Client API of Mitel MiCollab 9.1.3 through 9.5.0.101 could allow an authenticated attacker to modify their profile parameters due to improper authorization controls. A successful exploit could allow the authenticated attacker to control another extension number.
9.8 2022-10-25 CVE-2022-36452

A vulnerability in the web conferencing component of Mitel MiCollab through 9.5.0.101 could allow an unauthenticated attacker to upload malicious files. A successful exploit could allow an attacker to execute arbitrary code within the context of the application.
8.8 2022-10-25 CVE-2022-36451

A vulnerability in the MiCollab Client server component of Mitel MiCollab through 9.5.0.101 could allow an authenticated attacker to conduct a Server-Side Request Forgery (SSRF) attack due to insufficient restriction of URL parameters. A successful exploit could allow an attacker to leverage connections and permissions available to the host server.
9.8 2022-03-10 CVE-2022-26143

The TP-240 (aka tp240dvr) component in Mitel MiCollab before 9.4 SP1 FP1 and MiVoice Business Express through 8.1 allows remote attackers to obtain sensitive information and cause a denial of service (performance degradation and excessive outbound traffic). This was exploited in the wild in February and March 2022 for the TP240PhoneHome DDoS attack.
6.5 2021-08-13 CVE-2021-32072

The MiCollab Client Service component in Mitel MiCollab before 9.3 could allow an attacker to get source code information (disclosing sensitive application data) due to insufficient output sanitization. A successful exploit could allow an attacker to view source code methods.
9.8 2021-08-13 CVE-2021-32071

The MiCollab Client service in Mitel MiCollab before 9.3 could allow an unauthenticated user to gain system access due to improper access control. A successful exploit could allow an attacker to view and modify application data, and cause a denial of service for users.
5.4 2021-08-13 CVE-2021-32070

The MiCollab Client Service component in Mitel MiCollab before 9.3 could allow an attacker to perform a clickjacking attack due to an insecure header response. A successful exploit could allow an attacker to modify the browser header and redirect users.
4.8 2021-08-13 CVE-2021-32069

The AWV component of Mitel MiCollab before 9.3 could allow an attacker to perform a Man-In-the-Middle attack due to improper TLS negotiation. A successful exploit could allow an attacker to view and modify data.
3.7 2021-08-13 CVE-2021-32068

The AWV and MiCollab Client Service components in Mitel MiCollab before 9.3 could allow an attacker to perform a Man-In-the-Middle attack by sending multiple session renegotiation requests, due to insufficient TLS session controls. A successful exploit could allow an attacker to modify application data and state.
6.5 2021-08-13 CVE-2021-32067

The MiCollab Client Service component in Mitel MiCollab before 9.3 could allow an attacker to view sensitive system information through an HTTP response due to insufficient output sanitization.
6.5 2021-08-13 CVE-2021-27402

The SAS Admin portal of Mitel MiCollab before 9.2 FP2 could allow an unauthenticated attacker to access (view and modify) user data by injecting arbitrary directory paths due to improper URL validation, aka Directory Traversal.
6.1 2021-08-13 CVE-2021-27401

The Join Meeting page of Mitel MiCollab Web Client before 9.2 FP2 could allow an attacker to access (view and modify) user data by executing arbitrary code due to insufficient input validation, aka Cross-Site Scripting (XSS).
9.1 2021-01-29 CVE-2020-35547

A library index page in NuPoint Messenger in Mitel MiCollab before 9.2 FP1 could allow an unauthenticated attacker to gain access (view and modify) to user data.
6.1 2020-12-18 CVE-2020-27340

The online help portal of Mitel MiCollab before 9.2 could allow an attacker to redirect a user to an unauthorized website by executing malicious script due to insufficient access control.
4.9 2020-12-18 CVE-2020-25612

The NuPoint Messenger of Mitel MiCollab before 9.2 could allow an attacker with escalated privilege to access user files due to insufficient access control. Successful exploit could potentially allow an attacker to gain access to sensitive information.
6.1 2020-12-18 CVE-2020-25611

The AWV portal of Mitel MiCollab before 9.2 could allow an attacker to gain access to conference information by sending arbitrary code due to improper input validation, aka XSS. Successful exploitation could allow an attacker to view user conference information.
5.3 2020-12-18 CVE-2020-25610

The AWV component of Mitel MiCollab before 9.2 could allow an attacker to gain access to a web conference due to insufficient access control for conference codes.
5.4 2020-12-18 CVE-2020-25609

The NuPoint Messenger Portal of Mitel MiCollab before 9.2 could allow an authenticated attacker to execute arbitrary scripts due to insufficient input validation, aka XSS. A successful exploit could allow an attacker to view and modify user data.
7.2 2020-12-18 CVE-2020-25608

The SAS portal of Mitel MiCollab before 9.2 could allow an attacker to access user credentials due to improper input validation, aka SQL Injection.
6.1 2020-12-18 CVE-2020-25606

The AWV component of Mitel MiCollab before 9.2 could allow an attacker to view system information by sending arbitrary code due to improper input validation, aka XSS.
8.1 2020-08-26 CVE-2020-13863

The SAS portal of Mitel MiCollab before 9.1.3 could allow an attacker to access user data by performing a header injection in HTTP responses, due to the improper handling of input parameters. A successful exploit could allow an attacker to access user information.
5.9 2020-08-26 CVE-2020-13767

The Mitel MiCollab application before 9.1.332 for iOS could allow an unauthorized user to access restricted files and folders due to insufficient access control. An exploit requires a rooted iOS device, and (if successful) could allow an attacker to gain access to sensitive information,

CWE : Common Weakness Enumeration

%idName
25% (5) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
15% (3) CWE-20 Improper Input Validation
10% (2) CWE-116 Improper Encoding or Escaping of Output
5% (1) CWE-770 Allocation of Resources Without Limits or Throttling
5% (1) CWE-434 Unrestricted Upload of File with Dangerous Type
5% (1) CWE-306 Missing Authentication for Critical Function
5% (1) CWE-295 Certificate Issues
5% (1) CWE-287 Improper Authentication
5% (1) CWE-203 Information Exposure Through Discrepancy
5% (1) CWE-125 Out-of-bounds Read
5% (1) CWE-89 Improper Sanitization of Special Elements used in an SQL Command ('...
5% (1) CWE-74 Failure to Sanitize Data into a Different Plane ('Injection')
5% (1) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...

Oval Markup Language : Definitions

OvalID Name
oval:org.mitre.oval:def:24324 ELSA-2014:0376: openssl security update (Important)
oval:org.mitre.oval:def:24241 The TLS and DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not proper...
oval:org.mitre.oval:def:24718 RHSA-2014:0376: openssl security update (Important)
oval:org.mitre.oval:def:23812 DEPRECATED: ELSA-2014:0376: openssl security update (Important)
oval:org.mitre.oval:def:26742 DEPRECATED: ELSA-2014-0376 -- openssl security update (Important)
oval:org.mitre.oval:def:29321 DSA-2896-2 -- openssl -- security update

ExploitDB Exploits

id Description
32998 Heartbleed OpenSSL - Information Leak Exploit (2) - DTLS Support
32791 Heartbleed OpenSSL - Information Leak Exploit (1)
32764 OpenSSL 1.0.1f TLS Heartbeat Extension - Memory Disclosure (Multiple SSL/TLS ...
32745 OpenSSL TLS Heartbeat Extension - Memory Disclosure

Information Assurance Vulnerability Management (IAVM)

id Description
2014-A-0063 Multiple Vulnerabilities in McAfee VirusScan Enterprise for Linux
Severity: Category I - VMSKEY: V0050009
2014-A-0062 Multiple Vulnerabilities In McAfee Email Gateway
Severity: Category I - VMSKEY: V0050005
2014-B-0050 McAfee Web Gateway Information Disclosure Vulnerability
Severity: Category I - VMSKEY: V0050003
2014-B-0046 Multiple Vulnerabilities in HP System Management Homepage (SMH)
Severity: Category I - VMSKEY: V0049737
2014-A-0056 Multiple Vulnerabilities in Oracle Java SE
Severity: Category I - VMSKEY: V0049583
2014-A-0057 Multiple Vulnerabilities in Oracle MySQL Products
Severity: Category I - VMSKEY: V0049591
2014-A-0053 Multiple Vulnerabilities in Juniper Network JUNOS
Severity: Category I - VMSKEY: V0049589
2014-A-0054 Multiple Vulnerabilities in Oracle Database
Severity: Category I - VMSKEY: V0049587
2014-A-0055 Multiple Vulnerabilities in Oracle Fusion Middleware
Severity: Category I - VMSKEY: V0049585
2014-A-0058 Multiple Vulnerabilities in Oracle & Sun Systems Product Suite
Severity: Category I - VMSKEY: V0049579
2014-B-0041 Multiple Vulnerabilities in Splunk
Severity: Category I - VMSKEY: V0049577
2014-B-0042 Stunnel Information Disclosure Vulnerability
Severity: Category I - VMSKEY: V0049575
2014-A-0051 OpenSSL Information Disclosure Vulnerability
Severity: Category I - VMSKEY: V0048667
2014-A-0017 Multiple Vulnerabilities in Cisco TelePresence Video Communication Server
Severity: Category I - VMSKEY: V0043846
2014-A-0019 Multiple Vulnerabilities in VMware Fusion
Severity: Category I - VMSKEY: V0043844
2013-A-0222 Multiple Vulnerabilties in VMware Workstation
Severity: Category II - VMSKEY: V0042383
2012-A-0104 Multiple Vulnerabilities in Cisco AnyConnect Secure Mobility Client
Severity: Category I - VMSKEY: V0033046

Snort® IPS/IDS

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2014-04-25 OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt
RuleID : 30788-community - Type : SERVER-OTHER - Revision : 5
2014-05-24 OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt
RuleID : 30788 - Type : SERVER-OTHER - Revision : 5
2014-04-25 OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt
RuleID : 30787-community - Type : SERVER-OTHER - Revision : 5
2014-05-24 OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt
RuleID : 30787 - Type : SERVER-OTHER - Revision : 5
2014-04-25 OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt
RuleID : 30786-community - Type : SERVER-OTHER - Revision : 4
2014-05-24 OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt
RuleID : 30786 - Type : SERVER-OTHER - Revision : 4
2014-04-25 OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt
RuleID : 30785-community - Type : SERVER-OTHER - Revision : 4
2014-05-24 OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt
RuleID : 30785 - Type : SERVER-OTHER - Revision : 4
2014-04-25 OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt
RuleID : 30784-community - Type : SERVER-OTHER - Revision : 4
2014-05-24 OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt
RuleID : 30784 - Type : SERVER-OTHER - Revision : 4
2014-04-25 OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt
RuleID : 30783-community - Type : SERVER-OTHER - Revision : 4
2014-05-24 OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt
RuleID : 30783 - Type : SERVER-OTHER - Revision : 4
2014-04-25 OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt
RuleID : 30782-community - Type : SERVER-OTHER - Revision : 4
2014-05-24 OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt
RuleID : 30782 - Type : SERVER-OTHER - Revision : 4
2014-04-25 OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt
RuleID : 30781-community - Type : SERVER-OTHER - Revision : 5
2014-05-24 OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt
RuleID : 30781 - Type : SERVER-OTHER - Revision : 5
2014-04-25 OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt
RuleID : 30780-community - Type : SERVER-OTHER - Revision : 4
2014-05-24 OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt
RuleID : 30780 - Type : SERVER-OTHER - Revision : 4
2014-04-25 OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt
RuleID : 30779-community - Type : SERVER-OTHER - Revision : 4
2014-05-24 OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt
RuleID : 30779 - Type : SERVER-OTHER - Revision : 4
2014-04-25 OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt
RuleID : 30778-community - Type : SERVER-OTHER - Revision : 4
2014-05-24 OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt
RuleID : 30778 - Type : SERVER-OTHER - Revision : 4
2014-04-25 OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt
RuleID : 30777-community - Type : SERVER-OTHER - Revision : 4
2014-05-24 OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt
RuleID : 30777 - Type : SERVER-OTHER - Revision : 4
2014-05-17 OpenVPN OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed at...
RuleID : 30742 - Type : SERVER-OTHER - Revision : 2

Nessus® Vulnerability Scanner

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2019-01-10 Name: The remote device is affected by multiple vulnerabilities.
File: juniper_space_jsa10917_183R1.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-44f8a7454d.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-527698a904.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-5521156807.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-db0d3e157e.nasl - Type: ACT_GATHER_INFO
2018-10-31 Name: The remote host is missing a macOS security update that fixes multiple vulner...
File: macosx_SecUpd_10_13_6_2018-002.nasl - Type: ACT_GATHER_INFO
2018-10-18 Name: The remote host is missing a macOS update that fixes multiple security vulner...
File: macos_10_14.nasl - Type: ACT_GATHER_INFO
2018-09-18 Name: The remote EulerOS Virtualization host is missing multiple security updates.
File: EulerOS_SA-2018-1265.nasl - Type: ACT_GATHER_INFO
2018-09-18 Name: The remote EulerOS Virtualization host is missing a security update.
File: EulerOS_SA-2018-1267.nasl - Type: ACT_GATHER_INFO
2018-09-18 Name: The remote EulerOS Virtualization host is missing multiple security updates.
File: EulerOS_SA-2018-1270.nasl - Type: ACT_GATHER_INFO
2018-09-18 Name: The remote EulerOS Virtualization host is missing a security update.
File: EulerOS_SA-2018-1271.nasl - Type: ACT_GATHER_INFO
2018-09-17 Name: The remote Debian host is missing a security update.
File: debian_DLA-1506.nasl - Type: ACT_GATHER_INFO
2018-08-17 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4273.nasl - Type: ACT_GATHER_INFO
2018-07-30 Name: The remote Slackware host is missing a security update.
File: Slackware_SSA_2018-208-01.nasl - Type: ACT_GATHER_INFO
2018-07-27 Name: The remote Debian host is missing a security update.
File: debian_DLA-1446.nasl - Type: ACT_GATHER_INFO
2018-07-26 Name: The remote Amazon Linux 2 host is missing a security update.
File: al2_ALAS-2018-1049.nasl - Type: ACT_GATHER_INFO
2018-07-24 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2018-1_0-0151.nasl - Type: ACT_GATHER_INFO
2018-07-24 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2018-2_0-0049.nasl - Type: ACT_GATHER_INFO
2018-07-20 Name: The remote Debian host is missing a security update.
File: debian_DLA-1423.nasl - Type: ACT_GATHER_INFO
2018-07-18 Name: The remote Virtuozzo host is missing multiple security updates.
File: Virtuozzo_VZA-2018-048.nasl - Type: ACT_GATHER_INFO
2018-07-16 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2018-2162.nasl - Type: ACT_GATHER_INFO
2018-07-16 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2018-2164.nasl - Type: ACT_GATHER_INFO
2018-07-09 Name: The remote Fedora host is missing a security update.
File: fedora_2018-9f02e5ed7b.nasl - Type: ACT_GATHER_INFO
2018-07-05 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2018-1965.nasl - Type: ACT_GATHER_INFO
2018-07-05 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2018-1997.nasl - Type: ACT_GATHER_INFO