Security Advisories

SECURITY ADVISORIES

Mitel Product Security Advisories are published for moderate and high-risk security issues. Each advisory provides information on the status of investigation and provides additional information on products confirmed to be affected and recommended action to be taken by customers. Advisories are posted in reverse chronological order.

For Unify product portfolio customers looking for security advisory information about their applications, product security vulnerabilities are published at unify.com/en/support/security-advisories.

This information is provided on an "as is" basis and does not grant or imply any guarantees or warranties, including the warranties of merchantability or fitness for a particular use. Mitel does not guarantee that any of the information is accurate or up to date. By using the information, you acknowledge and agree that your use of the information, or the documents or materials linked to this information, is at your own risk. In addition, Mitel’s provision of this information shall not and does not affect the terms or conditions of any agreement with Mitel. Mitel reserves the right to change or update this information without notice at any time.

Click here for a more comprehensive details on Mitel’s Product Security Policy ›

Description	Advisory ID	CVE#	Severity	Publish Date	Last Updated
Multiple vulnerabilities in Atos Unify OpenScape 4000 Assistant and Atos Unify OpenScape 4000 Manager (CVE-2023- 35031/CVE-2023- 35032/CVE-2023- 35033/CVE-2023- 35034/CVE-2023- 35035)	OBSO-2305-01	CVE-2023-35031, CVE-2023-35032, CVE-2023-35033, CVE-2023-35034, CVE-2023-35035	critical	2023-05-02	2023-06-16
MiCollab Authentication Vulnerability	23-0002	CVE-2023-25597	medium	2023-04-05	2023-04-05
Command injection vulnerability in Atos Unify OpenScape SBC, Atos Unify OpenScape Branch and Atos Unify OpenScape BCF (CVE-2023-30638)	OBSO-2303-02	CVE-2023-30638	high to medium	2023-03-28	2023-05-08
Command injection vulnerability in the Atos Unify OpenScape 4000 Platform and OpenScape 4000 Manager (CVE-2023- 29473/CVE-2023- 29474/CVE-2023- 29475)	OBSO-2303-01	CVE-2023-29473, CVE-2023-29474, CVE-2023-29475	critical	2023-03-20	2023-06-16
MiContact Center Business Local File Inclusion Vulnerability	23-0001	CVE-2023-22854	high	2023-01-18	2023-01-18
Command injection vulnerability in Atos Unify OpenScape 4000 Assistant and Atos Unify OpenScape 4000 Manager (CVE-2022-46404)	OBSO-2211-02	CVE-2022-46404	critical	2022-11-28	2022-11-28
OpenSSL V3 buffer overflow vulnerabilities (CVE-2022-3602/CVE-2022-3786)	OBSO-2211-01	CVE-2022-3602, CVE-2022-3786	medium	2022-11-08	2022-12-08
Apache Commons Text Insecure Interpolation Defaults Input Handling Arbitrary Code Execution (CVE-2022-42889)	OBSO-2210-01	CVE-2022-42889	medium	2022-10-26	2023-09-28
Mitel MiCollab Authorization Control Vulnerability	22-0009	CVE-2022-41326	critical	2022-10-12	2022-10-12
MiVoice Connect Code Injection Vulnerability	22-0008	CVE-2022-41223	medium	2022-10-12	2022-10-13
MiVoice Connect Command Injection Vulnerability	22-0007	CVE-2022-40765	medium	2022-10-12	2022-10-13
Realtek eEcos SDK vulnerability (CVE-2022-27255)	OBSO-2209-01	CVE-2022-27255	info	2022-09-05	2022-10-26
Mitel MiCollab Multiple Security Vulnerabilities	22-0006	CVE-2022-36451 CVE-2022-36452 CVE-2022-36453 CVE-2022-36454	medium	2022-07-27	2022-08-29
OpenSSL Certificate Parsing Infinite Loop Remote DoS (CVE-2022-0778)	OBSO-2207-01	CVE-2022-0778	high to medium	2022-07-14	2023-01-31
Impact of critical Expat vulnerabilities on Atos Unify OpenScape Xpert (CVE-2022-23990/CVE-2022-23852)	OBSO-2206-01	CVE-2022-23990, CVE-2022-23852	high to medium	2022-06-29	2022-06-29
MiVoice Business, MiVoice Business Express Buffer Overflow Vulnerability	22-0005	CVE-2022-31784	critical	2022-06-08	2022-06-08
Mitel 6800 Series SIP Phone and 6900 Series SIP Phone Access Control Vulnerability	22-0004	CVE-2022-29855	medium	2022-05-03	2022-05-03
Mitel 6900 Series IP Phone Access Control Vulnerability	22-0003	CVE-2022-29854	medium	2022-05-03	2022-05-12
MiVoice Connect Data Validation Vulnerability	22-0002	CVE-2022-29499	critical	2022-04-19	2022-07-06
Spring Framework Remote Code Execution Vulnerability (Spring4Shell, CVE-2022-22965)	OBSO-2204-01	CVE-2022-22965	critical	2022-04-04	2022-04-14

Description

Advisory ID

CVE#

Severity

Publish Date

Last Updated

Multiple vulnerabilities in Atos Unify OpenScape 4000 Assistant and Atos Unify OpenScape 4000 Manager (CVE-2023- 35031/CVE-2023- 35032/CVE-2023- 35033/CVE-2023- 35034/CVE-2023- 35035)

OBSO-2305-01

CVE-2023-35031, CVE-2023-35032, CVE-2023-35033, CVE-2023-35034, CVE-2023-35035

critical

2023-05-02

2023-06-16

MiCollab Authentication Vulnerability

23-0002

CVE-2023-25597

medium

2023-04-05

Command injection vulnerability in Atos Unify OpenScape SBC, Atos Unify OpenScape Branch and Atos Unify OpenScape BCF (CVE-2023-30638)

OBSO-2303-02

CVE-2023-30638

high to medium

2023-03-28

2023-05-08

Command injection vulnerability in the Atos Unify OpenScape 4000 Platform and OpenScape 4000 Manager (CVE-2023- 29473/CVE-2023- 29474/CVE-2023- 29475)

OBSO-2303-01

CVE-2023-29473, CVE-2023-29474, CVE-2023-29475

critical

2023-03-20

2023-06-16

MiContact Center Business Local File Inclusion Vulnerability

23-0001

CVE-2023-22854

high

2023-01-18

Command injection vulnerability in Atos Unify OpenScape 4000 Assistant and Atos Unify OpenScape 4000 Manager (CVE-2022-46404)

OBSO-2211-02

CVE-2022-46404

critical

2022-11-28

OpenSSL V3 buffer overflow vulnerabilities (CVE-2022-3602/CVE-2022-3786)

OBSO-2211-01

CVE-2022-3602, CVE-2022-3786

medium

2022-11-08

2022-12-08

Apache Commons Text Insecure Interpolation Defaults Input Handling Arbitrary Code Execution (CVE-2022-42889)

OBSO-2210-01

CVE-2022-42889

medium

2022-10-26

2023-09-28

Mitel MiCollab Authorization Control Vulnerability

22-0009

CVE-2022-41326

critical

2022-10-12

MiVoice Connect Code Injection Vulnerability

22-0008

CVE-2022-41223

medium

2022-10-12

2022-10-13

MiVoice Connect Command Injection Vulnerability

22-0007

CVE-2022-40765

medium

2022-10-12

2022-10-13

Realtek eEcos SDK vulnerability (CVE-2022-27255)

OBSO-2209-01

CVE-2022-27255

info

2022-09-05

2022-10-26

Mitel MiCollab Multiple Security Vulnerabilities

22-0006

CVE-2022-36451 CVE-2022-36452 CVE-2022-36453 CVE-2022-36454

medium

2022-07-27

2022-08-29

OpenSSL Certificate Parsing Infinite Loop Remote DoS (CVE-2022-0778)

OBSO-2207-01

CVE-2022-0778

high to medium

2022-07-14

2023-01-31

Impact of critical Expat vulnerabilities on Atos Unify OpenScape Xpert (CVE-2022-23990/CVE-2022-23852)

OBSO-2206-01

CVE-2022-23990, CVE-2022-23852

high to medium

2022-06-29

MiVoice Business, MiVoice Business Express Buffer Overflow Vulnerability

22-0005

CVE-2022-31784

critical

2022-06-08

Mitel 6800 Series SIP Phone and 6900 Series SIP Phone Access Control Vulnerability

22-0004

CVE-2022-29855

medium

2022-05-03

Mitel 6900 Series IP Phone Access Control Vulnerability

22-0003

CVE-2022-29854

medium

2022-05-03

2022-05-12

MiVoice Connect Data Validation Vulnerability

22-0002

CVE-2022-29499

critical

2022-04-19

2022-07-06

Spring Framework Remote Code Execution Vulnerability (Spring4Shell, CVE-2022-22965)

OBSO-2204-01

CVE-2022-22965

critical

2022-04-04

2022-04-14

Search

Select your Region/Country/Language

Americas

Europe

Oceania

SECURITY ADVISORIES

GET NOTIFICATIONS OF THE LATEST SECURITY ADVISORIES SENT RIGHT TO YOUR INBOX EVERY WEEK!

Stay One Step Ahead

Ready to talk to sales? Contact us.