SECURITY ADVISORIES

Mitel Product Security Advisories are published for moderate and high-risk security issues. Each advisory provides information on the status of investigation and provides additional information on products confirmed to be affected and recommended action to be taken by customers. Advisories are posted in reverse chronological order.


This information is provided on an "as is" basis and does not grant or imply any guarantees or warranties, including the warranties of merchantability or fitness for a particular use. Mitel does not guarantee that any of the information is accurate or up to date. By using the information, you acknowledge and agree that your use of the information, or the documents or materials linked to this information, is at your own risk. In addition, Mitel’s provision of this information shall not and does not affect the terms or conditions of any agreement with Mitel. Mitel reserves the right to change or update this information without notice at any time.

Click here for a more comprehensive details on Mitel’s Product Security Policy ›


STAY ONE STEP AHEAD

GET NOTIFICATIONS OF THE LATEST SECURITY ADVISORIES SENT RIGHT TO YOUR INBOX EVERY WEEK!

Description Advisory ID CVE# Severity Publish Date Last Updated
MiCollab Multiple Security Vulnerabilities 20-0005 CVE-2020-11798 CVE-2020-11797 high to medium 2020-04-30 2020-04-30
MiVoice Connect - Remote Code Execution and Weak Encryption Vulnerabilities 20-0004 CVE-2020-10211 CVE-2020-10377 critical 2020-03-31 2020-03-31
GhostCat. Apache Tomcat Unspecified Local File Inclusion. (CVE-2020-1938) OBSO-2003-02 CVE-2020-1938 high 2020-03-12 2020-04-28
Apache Log4j SocketServer Class Log Data Handling Insecure Deserialization Remote Code Execution (CVE-2019-17571) OBSO-2003-01 CVE-2019-17571 info 2020-03-03 2020-03-13
Mitel MiContact Center Business with Site Based Security – Authentication Vulnerability 20-0003 CVE-2020-9379 medium 2020-03-02 2020-03-02
OpenScape UC – Multiple vulnerabilities OBSO-2002-01 - medium 2020-02-17 2020-02-17
Microsoft changes to Default Security Settings for LDAP on Active Directory 20-0002 N/A medium 2020-02-17 2020-03-30
Mitel 6970 – Port Configuration Vulnerability 20-0001 N/A medium 2020-01-22 2020-01-22
Mitel SIP-DECT – Encryption key vulnerability 19-0009 CVE-2019-19891 medium 2019-12-27 2019-12-27
Mitel MiCollab for Android – Cross-Site-Scripting (XSS) 19-0008 CVE-2019-19370 medium 2019-12-20 2019-12-20
MiCollab SQL injection and XSS vulnerabilities 19-0007 CVE-2019-19607 CVE-2019-19608 CVE-2019-19371 high 2019-12-20 2019-12-20
Mitel MiVoice 6800/6900 SIP series phones key length vulnerability 19-0006 CVE-2019-18863 medium 2019-11-22 2019-11-22
Linux Sudo Bypass of User Restrictions Vulnerability 19-0005 CVE-2019-14287 info 2019-11-12 2019-11-26
Sudo: Privilege escalation via potential bypass of Runas user restrictions (CVE-2019-14287) OBSO-1911-02 CVE-2019-14287 info 2019-11-08 2019-11-19
Impact of Microsoft Advisory ADV190023 for Unify Customers (Microsoft Guidance for Enabling LDAP Channel Binding and LDAP Signing) OBSO-1911-01 - info 2019-11-06 2020-06-10
MiVoice Business Security Certificate 19-0004 N/A info 2019-08-28 2019-08-28
VxWorks TCP/IP Network Stack (IPnet, Urgent/11) (CVE-2019-12256 to CVE-2019-12265) OBSO-1908-01 CVE-2019-12256, CVE-2019-12265 info 2019-08-14 2019-08-14
TCP SACK PANIC -Linux Kernel vulnerabilities (CVE-2019-11477/CVE-2019-11478/CVE -2019-11479/ CVE-2019-5599) OBSO-1906-01 CVE-2019-11477, CVE-2019-11478, CVE-2019-11479, CVE-2019-5599 medium to high 2019-06-21 2019-12-17
Microsoft Windows Remote Desktop Services RDP Connection Request Handling Remote Code Execution (CVE-2019-0708) OBSO-1905-02 CVE-2019-0708 high 2019-05-16 2019-05-17
Apache Tomcat for Windows CGI Servlet Command Line Argument Handling Remote Code Execution (CVE-2019-0232) OBSO-1905-01 CVE-2019-0232 high 2019-05-07 2019-06-21
Ready to talk to sales? Contact us.