SECURITY ADVISORIES

Mitel Product Security Advisories are published for moderate and high-risk security issues. Each advisory provides information on the status of investigation and provides additional information on products confirmed to be affected and recommended action to be taken by customers. Advisories are posted in reverse chronological order.


This information is provided on an "as is" basis and does not grant or imply any guarantees or warranties, including the warranties of merchantability or fitness for a particular use. Mitel does not guarantee that any of the information is accurate or up to date. By using the information, you acknowledge and agree that your use of the information, or the documents or materials linked to this information, is at your own risk. In addition, Mitel’s provision of this information shall not and does not affect the terms or conditions of any agreement with Mitel. Mitel reserves the right to change or update this information without notice at any time.

Click here for a more comprehensive details on Mitel’s Product Security Policy ›


STAY ONE STEP AHEAD

GET NOTIFICATIONS OF THE LATEST SECURITY ADVISORIES SENT RIGHT TO YOUR INBOX EVERY WEEK!

Description Advisory ID CVE# Severity Publish Date Last Updated
Mediatrix 4400 Series – Cross-site scripting (XSS) vulnerability (CVE-2014-1612) OBSO-1402-01 CVE-2014-1612 medium 2014-02-07 2014-02-07
OpenScape UC Applications – Cross-site Scripting Vulnerability OBSO-1401-05 - medium 2014-01-31 2014-01-31
OpenScape Deployment Service – SQL Injection Vulnerability OBSO-1401-04 - high 2014-01-31 2014-01-31
HiPath 4000/OpenScape 4000 – Unauthenticated write access to file system OBSO-1401-03 - medium 2014-01-31 2014-01-31
Informational – Expiry of Default Root CA Certificate in OpenScape Solutions OBSO-1401-02 - info 2014-01-28 2014-01-28
OpenScape Voice V6 – Multiple Vulnerabilities in Operating System and Java Components OBSO-1401-01 - medium 2014-01-15 2014-01-15
OpenScape Voice Trace Manager – Multiple Vulnerabilities in PHP OBSO-1312-02 - medium 2013-12-20 2013-12-20
OpenStage HFA/SIP – Cross-site scripting vulnerability in web-based management OBSO-1312-01 - medium 2013-12-16 2013-12-16
OpenScape Branch/SBC – Nameserver vulnerabilities (CVE-2012-4244/CVE-2012-5166/CVE-2013-2266) OBSO-1307-02 CVE-2012-4244, CVE-2012-5166, CVE-2013-2266 high 2013-07-26 2013-07-26
OpenScape Voice V7 R1 – Multiple Vulnerabilities in Operating System and Java Components OBSO-1307-01 - high 2013-07-24 2013-12-06
OpenStage Cloud Diagnostic Data Collector – PHP and Web Server Vulnerabilities (CVE-2013-1643/CVE-2012-3499) OBSO-1306-02 CVE-2013-1643, CVE-2012-3499 medium 2013-06-17 2013-06-17
OpenScape Branch / OpenScape SBC – Multiple Web Interface Vulnerabilities OBSO-1306-01 - high 2013-06-12 2013-11-08
PostgreSQL Security Updates for Multiple Products (CVE-2013-1899) OBSO-1305-01 CVE-2013-1899 high 2013-05-07 2013-11-08
Linux Kernel Privilege Escalation Vulnerability (CVE-2012-0056) OBSO-1202-01 CVE-2012-0056 info 2012-02-01 2013-11-08
OpenScape UC Application – local access vulnerability via Web Client OBSO-1108-02 - high 2011-08-23 2011-12-08
OpenStage – password accessible in cleartext on webbased interface OBSO-1108-01 - low 2011-08-22 2011-08-22
Allied Telesis divulges secret backdoor OBSO-1106-01 - info 2011-06-07 2013-11-08
OpenStage – configuration data readable by unauthorized users OBSO-1011-01 - medium 2010-11-30 2010-11-30
Impact of the Stuxnet worm to Unify systems OBSO-1010-03 - info 2010-10-25 2013-11-08
Arbitrary code execution at Manager-E OBSO-1010-02 - medium 2010-10-15 2010-10-26
Ready to talk to sales? Contact us.