Vulnerabilities for Micloud management portal (...) - CXSECURITY.COM

Vulnerabilities for 'Micloud management portal'

2020-09-25

CVE-2020-24595

CWE-863

Mitel MiCloud Management Portal before 6.1 SP5 could allow an attacker, by sending a crafted request, to retrieve sensitive information due to insufficient access control.

CVE-2020-24594

CWE-79

Mitel MiCloud Management Portal before 6.1 SP5 could allow an unauthenticated attacker to execute arbitrary scripts due to insufficient input validation, aka XSS. A successful exploit could allow an attacker to gain access to a user session.

CVE-2020-24593

CWE-89

Mitel MiCloud Management Portal before 6.1 SP5 could allow a remote attacker to conduct a SQL Injection attack and access user credentials due to improper input validation.

CVE-2020-24592

CWE-116

Mitel MiCloud Management Portal before 6.1 SP5 could allow an attacker, by sending a crafted request, to view system information due to insufficient output sanitization.

2018-05-22

CVE-2018-3639

CWE-200

Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.

>>> Vendor: Mitel 25 Products

Mitel 3300 integrated communication platform

Mitel nupoint messenger

Mivoice connect

Shortel mobility client

Mivoice office 400

Mivoice 5330e firmware

Micloud management portal

Mivoice border gateway

Mivoice business

Open integration gateway

Mivoice business express

Micontact center business

Micollab audio\, web \& video conferencing

Mivoice connect client

Shoretel conference web

Businesscti enterprise

Micontact center enterprise

Copyright 2024, cxsecurity.com