SECURITY ADVISORIES

Mitel Product Security Advisories are published for moderate and high-risk security issues. Each advisory provides information on the status of investigation and provides additional information on products confirmed to be affected and recommended action to be taken by customers. Advisories are posted in reverse chronological order.


This information is provided on an "as is" basis and does not grant or imply any guarantees or warranties, including the warranties of merchantability or fitness for a particular use. Mitel does not guarantee that any of the information is accurate or up to date. By using the information, you acknowledge and agree that your use of the information, or the documents or materials linked to this information, is at your own risk. In addition, Mitel’s provision of this information shall not and does not affect the terms or conditions of any agreement with Mitel. Mitel reserves the right to change or update this information without notice at any time.

Click here for a more comprehensive details on Mitel’s Product Security Policy ›


STAY ONE STEP AHEAD

GET NOTIFICATIONS OF THE LATEST SECURITY ADVISORIES SENT RIGHT TO YOUR INBOX EVERY WEEK!

SIGN UP
Description Advisory ID CVE# Severity Publish Date Last Updated
Google WebRTC RTCPeerConnection Object Handling Use-after-free Arbitrary Code Execution (CVE-2019-6211) OBSO-1903-01 CVE-2019-6211 medium 2019-03-04 2019-03-04
Spring Framework ResourceHttpRequestHandler Remote DoS (CVE-2018-15756) OBSO-1812-01 CVE-2018-15756 low 2018-12-13 2018-12-13
MiCollab Authorization Vulnerability 18-0012 CVE-2018-18819 medium 2018-10-31 2018-10-31
MiCollab SQL Injection and Stored XSS vulnerabilities 18-0011 N/A high 2018-10-31 2018-10-31
Apache Struts 2 Remote Code Execution Vulnerability 18-0010 CVE-2018-11776 high 2018-10-31 2018-10-31
Chinese spy chips in Supermicro servers OBSO-1810-01 - low 2018-10-08 2018-12-14
MiVoice 5300 IP Series Phone Denial of Service Vulnerability 18-0009 CVE-2018-15497 critical 2018-09-25 2018-09-25
MiVoice Office 400 Reflected XSS Vulnerability 18-0008 CVE-2018-16226 medium 2018-09-04 2018-09-04
ST 14.2 Reflected XSS Vulnerability 18-0007 CVE-2018-12901 medium 2018-09-04 2018-09-04
Faxploit: DEF CON 2018: HP OfficeJet Printer Attack (CVE-2018-5925/CVE-2018-5924) OBSO-1808-01 CVE-2018-5925, CVE-2018-5924 low 2018-08-22 2018-08-22
OpenScape Business Root Access OBSO-1807-01 - high 2018-07-30 2018-07-30
Zip Slip (CVE-2018-8009) OBSO-1806-03 CVE-2018-8009 medium 2018-06-28 2018-10-18
Electron Custom Protocol Handler Processing Arbitrary Command Injection (CVE-2018-1000006/ CVE-2018-1000118) OBSO-1806-02 CVE-2018-1000006, CVE-2018-1000118 medium 2018-06-28 2018-06-28
Electron webview Options Object Remote Node.js Integration Manipulation (CVE-2018-1000136) OBSO-1806-01 CVE-2018-1000136 medium 2018-06-05 2018-06-05
Spring Framework spring-messaging Module Message Handling Remote Code Execution (CVE-2018-1270/ CVE-2018-1275) OBSO-1805-01 CVE-2018-1270, CVE-2018-1275 high 2018-05-24 2018-06-01
Side-Channel Analysis, Spectre Variant 4 and 3a 18-0006 CVE-2018-3640 medium 2018-05-23 2018-06-26
Mitel for Salesforce XSS Vulnerability 18-0005 N/A high 2018-03-06 2018-03-06
Connect OnSite and ST 14.2 Multiple PHP Vulnerabilities 18-0004 CVE-2018-5779 CVE-2018-5780 CVE-2018-5781 CVE-2018-5782 CVE-2017-16250 CVE-2017-16251 high 2018-03-06 2018-03-06
MiVoice Connect and ST 14.2 SQL Injection and Reflected XSS Vulnerabilities 18-0003 CVE-2018-9101 CVE-2018-9102 CVE-2018-9103 CVE-2018-9104 medium 2018-01-31 2018-01-31
XML External Entity (XXE) Vulnerability in MiCollab AWV 18-0002 CWE-918 high 2018-01-31 2018-01-31

Stay One Step Ahead

Ready to talk to sales? Contact us.
Find a Partner +44 1291 430 000 Email Us