Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Micollab_audio\,_web_\&_video_conferencing
(Mitel)Repositories |
Unknown: This might be proprietary software. |
#Vulnerabilities | 6 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2019-05-29 | CVE-2019-12165 | MiCollab 7.3 PR2 (7.3.0.204) and earlier, 7.2 (7.2.2.13) and earlier, and 7.1 (7.1.0.57) and earlier and MiCollab AWV 6.3 (6.3.0.103), 6.2 (6.2.2.8), 6.1 (6.1.0.28), 6.0 (6.0.0.61), and 5.0 (5.0.5.7) have a Command Execution Vulnerability. Successful exploit of this vulnerability could allow an attacker to execute arbitrary system commands. | Micollab, Micollab_audio\,_web_\&_video_conferencing | 9.8 | ||
2020-03-02 | CVE-2019-19608 | A SQL injection vulnerability in in the web conferencing component of Mitel MiCollab AWV before 8.1.2.2 could allow an unauthenticated attack due to insufficient input validation for the registeredList.cgi page. A successful exploit could allow an attacker to extract sensitive information from the database and execute arbitrary scripts. | Micollab_audio\,_web_\&_video_conferencing | N/A | ||
2020-03-02 | CVE-2019-19607 | A SQL injection vulnerability in the web conferencing component of Mitel MiCollab AWV before 8.1.2.2 could allow an unauthenticated attack due to insufficient input validation for the session parameter. A successful exploit could allow an attacker to extract sensitive information from the database and execute arbitrary scripts. | Micollab_audio\,_web_\&_video_conferencing | N/A | ||
2020-03-02 | CVE-2019-19371 | A cross-site scripting (XSS) vulnerability in the web conferencing component of Mitel MiCollab AWV before 8.1.2.2 could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation in the join meeting interface. A successful exploit could allow an attacker to execute arbitrary scripts. | Micollab_audio\,_web_\&_video_conferencing | N/A |