Mitel Product Security Advisories are published for moderate and high-risk security issues. Each advisory reports
the status of the investigation, lists the products confirmed to be affected, and gives the recommended action
for customers. Advisories are posted in reverse chronological order.
This information is provided on an "as is" basis and does not grant or imply any guarantees or warranties, including
the warranties of merchantability or fitness for a particular use. Mitel does not guarantee that any of the
information is accurate or up to date. By using the information, you acknowledge and agree that your use of the
information, or the documents or materials linked to this information, is at your own risk. In addition,
Mitel’s provision of this information shall not and does not affect the terms or conditions of any agreement
with Mitel. Mitel reserves the right to change or update this information without notice at any time.
Description | Advisory ID | CVE# | Severity | Publish Date | Last Updated |
---|---|---|---|---|---|
Google WebRTC RTCPeerConnection Object Handling Use-after-free Arbitrary Code Execution (CVE-2019-6211) | OBSO-1903-01 | CVE-2019-6211 | medium | 2019-03-04 | 2019-03-04 |
Spring Framework ResourceHttpRequestHandler Remote DoS (CVE-2018-15756) | OBSO-1812-01 | CVE-2018-15756 | low | 2018-12-13 | 2018-12-13 |
MiCollab Authorization Vulnerability | 18-0012 | CVE-2018-18819 | medium | 2018-10-31 | 2018-10-31 |
MiCollab SQL Injection and Stored XSS vulnerabilities | 18-0011 | N/A | high | 2018-10-31 | 2018-10-31 |
Apache Struts 2 Remote Code Execution Vulnerability | 18-0010 | CVE-2018-11776 | high | 2018-10-31 | 2018-10-31 |
Chinese spy chips in Supermicro servers | OBSO-1810-01 | - | low | 2018-10-08 | 2018-12-14 |
MiVoice 5300 IP Series Phone Denial of Service Vulnerability | 18-0009 | CVE-2018-15497 | critical | 2018-09-25 | 2018-09-25 |
MiVoice Office 400 Reflected XSS Vulnerability | 18-0008 | CVE-2018-16226 | medium | 2018-09-04 | 2018-09-04 |
ST 14.2 Reflected XSS Vulnerability | 18-0007 | CVE-2018-12901 | medium | 2018-09-04 | 2018-09-04 |
Faxploit: DEF CON 2018: HP OfficeJet Printer Attack (CVE-2018-5925/CVE-2018-5924) | OBSO-1808-01 | CVE-2018-5925, CVE-2018-5924 | low | 2018-08-22 | 2018-08-22 |
OpenScape Business Root Access | OBSO-1807-01 | - | high | 2018-07-30 | 2018-07-30 |
Zip Slip (CVE-2018-8009) | OBSO-1806-03 | CVE-2018-8009 | medium | 2018-06-28 | 2018-10-18 |
Electron Custom Protocol Handler Processing Arbitrary Command Injection (CVE-2018-1000006/CVE-2018-1000118) | OBSO-1806-02 | CVE-2018-1000006, CVE-2018-1000118 | medium | 2018-06-28 | 2018-06-28 |
Electron webview Options Object Remote Node.js Integration Manipulation (CVE-2018-1000136) | OBSO-1806-01 | CVE-2018-1000136 | medium | 2018-06-05 | 2018-06-05 |
Spring Framework spring-messaging Module Message Handling Remote Code Execution (CVE-2018-1270/CVE-2018-1275) | OBSO-1805-01 | CVE-2018-1270, CVE-2018-1275 | high | 2018-05-24 | 2018-06-01 |
Side-Channel Analysis, Spectre Variant 4 and 3a | 18-0006 | CVE-2018-3640 | medium | 2018-05-23 | 2018-06-26 |
Mitel for Salesforce XSS Vulnerability | 18-0005 | N/A | high | 2018-03-06 | 2018-03-06 |
Connect OnSite and ST 14.2 Multiple PHP Vulnerabilities | 18-0004 | CVE-2018-5779, CVE-2018-5780, CVE-2018-5781, CVE-2018-5782, CVE-2017-16250, CVE-2017-16251 | high | 2018-03-06 | 2018-03-06 |
MiVoice Connect and ST 14.2 SQL Injection and Reflected XSS Vulnerabilities | 18-0003 | CVE-2018-9101, CVE-2018-9102, CVE-2018-9103, CVE-2018-9104 | medium | 2018-01-31 | 2018-01-31 |
XML External Entity (XXE) Vulnerability in MiCollab AWV | 18-0002 | CWE-918 | high | 2018-01-31 | 2018-01-31 |