Mitel MiCollab Audio, Web & Video Conferencing (AWV) 8.0

CPE Details

Mitel MiCollab Audio, Web & Video Conferencing (AWV) 8.0
mitel
micollab_audio\,_web_\&_video_conferencing
8.0
2020-03-03
14h53 +00:00
2021-04-15
11h36 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:mitel:micollab_audio\,_web_\&_video_conferencing:8.0:*:*:*:*:*:*:*

Informations

Vendor

mitel

Product

micollab_audio\,_web_\&_video_conferencing

Version

8.0

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2020-11797 2020-08-26 16h15 +00:00 An Authentication Bypass vulnerability in the Published Area of the web conferencing component of Mitel MiCollab AWV before 8.1.2.4 and 9.x before 9.1.3 could allow an unauthenticated attacker to gain access to unauthorized information due to insufficient access validation. A successful exploit could allow an attacker to access sensitive shared files.
7.5
High
CVE-2020-11798 2020-06-09 22h00 +00:00 A Directory Traversal vulnerability in the web conference component of Mitel MiCollab AWV before 8.1.2.4 and 9.x before 9.1.3 could allow an attacker to access arbitrary files from restricted directories of the server via a crafted URL, due to insufficient access validation. A successful exploit could allow an attacker to access sensitive information from the restricted directories.
5.3
Medium
CVE-2019-19608 2020-03-02 16h56 +00:00 A SQL injection vulnerability in in the web conferencing component of Mitel MiCollab AWV before 8.1.2.2 could allow an unauthenticated attack due to insufficient input validation for the registeredList.cgi page. A successful exploit could allow an attacker to extract sensitive information from the database and execute arbitrary scripts.
9.8
Critical
CVE-2019-19607 2020-03-02 16h55 +00:00 A SQL injection vulnerability in the web conferencing component of Mitel MiCollab AWV before 8.1.2.2 could allow an unauthenticated attack due to insufficient input validation for the session parameter. A successful exploit could allow an attacker to extract sensitive information from the database and execute arbitrary scripts.
9.8
Critical
CVE-2019-19371 2020-03-02 16h55 +00:00 A cross-site scripting (XSS) vulnerability in the web conferencing component of Mitel MiCollab AWV before 8.1.2.2 could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation in the join meeting interface. A successful exploit could allow an attacker to execute arbitrary scripts.
6.1
Medium
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.