Security Advisories

SECURITY ADVISORIES

Mitel Product Security Advisories are published for moderate and high-risk security issues. Each advisory provides information on the status of investigation and provides additional information on products confirmed to be affected and recommended action to be taken by customers. Advisories are posted in reverse chronological order.

This information is provided on an "as is" basis and does not grant or imply any guarantees or warranties, including the warranties of merchantability or fitness for a particular use. Mitel does not guarantee that any of the information is accurate or up to date. By using the information, you acknowledge and agree that your use of the information, or the documents or materials linked to this information, is at your own risk. In addition, Mitel’s provision of this information shall not and does not affect the terms or conditions of any agreement with Mitel. Mitel reserves the right to change or update this information without notice at any time.

Click here for a more comprehensive details on Mitel’s Product Security Policy ›

Description	Advisory ID	CVE#	Severity	Publish Date	Last Updated
Multiple Oracle Java Vulnerabilities	15-0012	CVE-2015-4731 CVE-2015-4732 CVE-2015-4733 CVE-2015-4734 CVE-2015-4748 CVE-2015-4760 CVE-2015-4803 CVE-2015-4805 CVE-2015-4806 CVE-2015-4835 CVE-2015-4840 CVE-2015-4842 CVE-2015-4843 CVE-2015-4844 CVE-2015-4860 CVE-2015-4872 CVE-2015-4881 CVE-2015-4882 CVE-2015-4883 CVE-2015-4893 CVE-2015-4903 CVE-2015-4911	high to medium	2015-12-04	2016-05-02
Non-unique X.509 certificates in OpenStage / OpenScape Desk Phone IP (CVE-2015-8251)	OBSO-1511-02	CVE-2015-8251	medium	2015-11-30	2015-11-30
Deserialisation of Java-objects – Vulnerability in Applications involving Apache Commons-Collections Classes (CVE-2015-8237/CVE-2015-8238)	OBSO-1511-01	CVE-2015-8237, CVE-2015-8238	high	2015-11-17	2016-01-22
Security Advisory for MiCC	15-0007	N/A	low	2015-11-04	2015-11-04
OpenScape Xpressions – unauthorized external calls via guest access (CVE-2015-7693)	OBSO-1510-01	CVE-2015-7693	medium	2015-10-26	2016-05-13
OpenSSH: authentication limitsbypass (CVE-2015-5600)	15-0009	CVE-2015-5600	high	2015-09-04	2015-09-04
OpenStage 60 / OpenScape Desk Phone IP 55G – Local service exposure vulnerability (CVE-2015-5391)	OBSO-1508-02	CVE-2015-5391	medium	2015-08-13	2015-08-13
OpenScape Contact Center CDSS – Multiple vulnerabilities fixed in V8 R2.10.11192	OBSO-1508-01	-	medium	2015-08-05	2015-08-05
OpenSSL Alternative Chains Certificate Forgery (CVE-2015-1793)	15-0008	CVE-2015-1793	medium	2015-07-31	2015-07-31
CGI Flaw in MiCollab AWV	15-0006	N/A	medium	2015-07-31	2015-07-31
Weakness in Diffie-Hellman key exchange / Logjam	15-0004	CVE-2015-1716 CVE-2015-4000	low	2015-07-31	2015-09-29
OpenScape UC Web Client and Desktop Client – Cross-Site Scripting (XSS) Vulnerability	OBSO-1505-03	-	medium	2015-05-22	2015-05-22
Leap Second on 2015-06-30 – Security Note for Unify Products	OBSO-1505-01	-	info	2015-05-21	2015-05-21
OpenStage / OpenScape Desk Phone IP – HTTP header parsing vulnerability (CVE-2014-9708)	OBSO-1505-02	CVE-2014-9708	medium	2015-05-08	2015-08-13
Samba smbd – Remote Code Execution Vulnerability in netlogon server (CVE-2015-0240)	OBSO-1503-02	CVE-2015-0240	high	2015-03-31	2015-03-31
OpenScape SBC V8 – SIP Authentication Bypass Vulnerability (CVE-2015-2057)	OBSO-1503-01	CVE-2015-2057	high	2015-03-03	2015-03-24
OpenStage / OpenScape Desk Phone IP – Input Validation Vulnerability via Web Interface (CVE-2014-9563)	OBSO-1501-02	CVE-2014-9563	low	2015-02-26	2015-02-26
GNU glibc Remote Buffer Overflow Vulnerability in gethostbyname – “Ghost” (CVE-2015-0235)	OBSO-1501-04	CVE-2015-0235	low	2015-01-31	2016-10-10
OpenScape Business UC Suite – SQL Injection Vulnerability (CVE-2015-1183)	OBSO-1501-03	CVE-2015-1183	high	2015-01-27	2015-01-27
OpenStage / OpenScape Desk Phone IP – Authentication Bypass Vulnerability in WPI Default Mode (CVE-2015-1184)	OBSO-1501-01	CVE-2015-1184	high	2015-01-20	2015-03-24

Description

Advisory ID

CVE#

Severity

Publish Date

Last Updated

Multiple Oracle Java Vulnerabilities

15-0012

CVE-2015-4731 CVE-2015-4732 CVE-2015-4733 CVE-2015-4734 CVE-2015-4748 CVE-2015-4760 CVE-2015-4803 CVE-2015-4805 CVE-2015-4806 CVE-2015-4835 CVE-2015-4840 CVE-2015-4842 CVE-2015-4843 CVE-2015-4844 CVE-2015-4860 CVE-2015-4872 CVE-2015-4881 CVE-2015-4882 CVE-2015-4883 CVE-2015-4893 CVE-2015-4903 CVE-2015-4911

high to medium

2015-12-04

2016-05-02

Non-unique X.509 certificates in OpenStage / OpenScape Desk Phone IP (CVE-2015-8251)

OBSO-1511-02

CVE-2015-8251

medium

2015-11-30

Deserialisation of Java-objects – Vulnerability in Applications involving Apache Commons-Collections Classes (CVE-2015-8237/CVE-2015-8238)

OBSO-1511-01

CVE-2015-8237, CVE-2015-8238

high

2015-11-17

2016-01-22

Security Advisory for MiCC

15-0007

N/A

low

2015-11-04

OpenScape Xpressions – unauthorized external calls via guest access (CVE-2015-7693)

OBSO-1510-01

CVE-2015-7693

medium

2015-10-26

2016-05-13

OpenSSH: authentication limitsbypass (CVE-2015-5600)

15-0009

CVE-2015-5600

high

2015-09-04

OpenStage 60 / OpenScape Desk Phone IP 55G – Local service exposure vulnerability (CVE-2015-5391)

OBSO-1508-02

CVE-2015-5391

medium

2015-08-13

OpenScape Contact Center CDSS – Multiple vulnerabilities fixed in V8 R2.10.11192

OBSO-1508-01

medium

2015-08-05

OpenSSL Alternative Chains Certificate Forgery (CVE-2015-1793)

15-0008

CVE-2015-1793

medium

2015-07-31

CGI Flaw in MiCollab AWV

15-0006

N/A

medium

2015-07-31

Weakness in Diffie-Hellman key exchange / Logjam

15-0004

CVE-2015-1716 CVE-2015-4000

low

2015-07-31

2015-09-29

OpenScape UC Web Client and Desktop Client – Cross-Site Scripting (XSS) Vulnerability

OBSO-1505-03

medium

2015-05-22

Leap Second on 2015-06-30 – Security Note for Unify Products

OBSO-1505-01

info

2015-05-21

OpenStage / OpenScape Desk Phone IP – HTTP header parsing vulnerability (CVE-2014-9708)

OBSO-1505-02

CVE-2014-9708

medium

2015-05-08

2015-08-13

Samba smbd – Remote Code Execution Vulnerability in netlogon server (CVE-2015-0240)

OBSO-1503-02

CVE-2015-0240

high

2015-03-31

OpenScape SBC V8 – SIP Authentication Bypass Vulnerability (CVE-2015-2057)

OBSO-1503-01

CVE-2015-2057

high

2015-03-03

2015-03-24

OpenStage / OpenScape Desk Phone IP – Input Validation Vulnerability via Web Interface (CVE-2014-9563)

OBSO-1501-02

CVE-2014-9563

low

2015-02-26

GNU glibc Remote Buffer Overflow Vulnerability in gethostbyname – “Ghost” (CVE-2015-0235)

OBSO-1501-04

CVE-2015-0235

low

2015-01-31

2016-10-10

OpenScape Business UC Suite – SQL Injection Vulnerability (CVE-2015-1183)

OBSO-1501-03

CVE-2015-1183

high

2015-01-27

OpenStage / OpenScape Desk Phone IP – Authentication Bypass Vulnerability in WPI Default Mode (CVE-2015-1184)

OBSO-1501-01

CVE-2015-1184

high

2015-01-20

2015-03-24

First Name

Last Name

Email Address

Relationship to Mitel

By providing the above information, you agree that we may process your personal data in accordance with our Privacy Policy.

Do you agree to the terms and conditions of using our services?

SECURITY ADVISORIES

GET NOTIFICATIONS OF THE LATEST SECURITY ADVISORIES SENT RIGHT TO YOUR INBOX EVERY WEEK!

Stay One Step Ahead

Ready to talk to sales? Contact us.