Vulnerabilities for Cmg suite (...) - CXSECURITY.COM

Vulnerabilities for 'Cmg suite'

2019-04-25

CVE-2018-18285

CWE-89

SQL injection vulnerabilities in CMG Suite 8.4 SP2 and earlier, could allow an unauthenticated attacker to conduct an SQL injection attack due to insufficient input validation for the login interface. A successful exploit could allow an attacker to extract sensitive information from the database and execute arbitrary scripts.

CVE-2018-18286

CWE-89

SQL injection vulnerabilities in CMG Suite 8.4 SP2 and earlier, could allow an unauthenticated attacker to conduct an SQL injection attack due to insufficient input validation for the changepwd interface. A successful exploit could allow an attacker to extract sensitive information from the database and execute arbitrary scripts.

2019-04-02

CVE-2018-19275

CWE-255

The BluStar component in Mitel InAttend before 2.5 SP3 and CMG before 8.4 SP3 Suite Servers has a default password, which could allow remote attackers to gain unauthorized access and execute arbitrary scripts with potential impacts to the confidentiality, integrity and availability of the system.

>>> Vendor: Mitel 25 Products

Mitel 3300 integrated communication platform

Mitel nupoint messenger

Mivoice connect

Shortel mobility client

Mivoice office 400

Mivoice 5330e firmware

Micloud management portal

Mivoice border gateway

Mivoice business

Open integration gateway

Mivoice business express

Micontact center business

Micollab audio\, web \& video conferencing

Mivoice connect client

Shoretel conference web

Businesscti enterprise

Micontact center enterprise

Copyright 2024, cxsecurity.com