Mitel MiCollab Audio, Web & Video Conferencing (AWV) 5.0.5.7

CPE Details

Mitel MiCollab Audio, Web & Video Conferencing (AWV) 5.0.5.7
mitel
micollab_audio\,_web_\&_video_conferencing
5.0.5.7
2019-06-17
09h14 +00:00
2021-04-15
11h44 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:mitel:micollab_audio\,_web_\&_video_conferencing:5.0.5.7:*:*:*:*:*:*:*

Informations

Vendor

mitel

Product

micollab_audio\,_web_\&_video_conferencing

Version

5.0.5.7

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2020-11797 2020-08-26 16h15 +00:00 An Authentication Bypass vulnerability in the Published Area of the web conferencing component of Mitel MiCollab AWV before 8.1.2.4 and 9.x before 9.1.3 could allow an unauthenticated attacker to gain access to unauthorized information due to insufficient access validation. A successful exploit could allow an attacker to access sensitive shared files.
7.5
Haute
CVE-2020-11798 2020-06-09 22h00 +00:00 A Directory Traversal vulnerability in the web conference component of Mitel MiCollab AWV before 8.1.2.4 and 9.x before 9.1.3 could allow an attacker to access arbitrary files from restricted directories of the server via a crafted URL, due to insufficient access validation. A successful exploit could allow an attacker to access sensitive information from the restricted directories.
5.3
Moyen
CVE-2019-19608 2020-03-02 16h56 +00:00 A SQL injection vulnerability in in the web conferencing component of Mitel MiCollab AWV before 8.1.2.2 could allow an unauthenticated attack due to insufficient input validation for the registeredList.cgi page. A successful exploit could allow an attacker to extract sensitive information from the database and execute arbitrary scripts.
9.8
Critique
CVE-2019-19607 2020-03-02 16h55 +00:00 A SQL injection vulnerability in the web conferencing component of Mitel MiCollab AWV before 8.1.2.2 could allow an unauthenticated attack due to insufficient input validation for the session parameter. A successful exploit could allow an attacker to extract sensitive information from the database and execute arbitrary scripts.
9.8
Critique
CVE-2019-19371 2020-03-02 16h55 +00:00 A cross-site scripting (XSS) vulnerability in the web conferencing component of Mitel MiCollab AWV before 8.1.2.2 could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation in the join meeting interface. A successful exploit could allow an attacker to execute arbitrary scripts.
6.1
Moyen
CVE-2019-12165 2019-05-29 14h56 +00:00 MiCollab 7.3 PR2 (7.3.0.204) and earlier, 7.2 (7.2.2.13) and earlier, and 7.1 (7.1.0.57) and earlier and MiCollab AWV 6.3 (6.3.0.103), 6.2 (6.2.2.8), 6.1 (6.1.0.28), 6.0 (6.0.0.61), and 5.0 (5.0.5.7) have a Command Execution Vulnerability. Successful exploit of this vulnerability could allow an attacker to execute arbitrary system commands.
9.8
Critique
Les informations affichées sur CVE Find proviennent de plusieurs sources de référence rigoureusement sélectionnées. Les données CVE sont fournies par MITRE Corporation et la National Vulnerability Database (NVD). Le catalogue des vulnérabilités activement exploitées (KEV) provient de la Cybersecurity and Infrastructure Security Agency (CISA), tandis que les scores EPSS sont issus de FIRST.org. Enfin, les données relatives aux faiblesses logicielles (CWE) et aux schémas d'attaque courants (CAPEC) sont maintenues par MITRE Corporation, et les informations sur les configurations logicielles et matérielles (CPE) proviennent du NVD.