SECURITY ADVISORIES

Mitel Product Security Advisories are published for moderate and high-risk security issues. Each advisory reports the status of the investigation, identifies the products confirmed to be affected, and gives the recommended action for customers. Advisories are posted in reverse chronological order.


This information is provided on an "as is" basis and does not grant or imply any guarantees or warranties, including the warranties of merchantability or fitness for a particular use. Mitel does not guarantee that any of the information is accurate or up to date. By using the information, you acknowledge and agree that your use of the information, or the documents or materials linked to this information, is at your own risk. In addition, Mitel’s provision of this information shall not and does not affect the terms or conditions of any agreement with Mitel. Mitel reserves the right to change or update this information without notice at any time.

Click here for more comprehensive details on Mitel’s Product Security Policy ›



| Description | Advisory ID | CVE# | Severity | Publish Date | Last Updated |
|---|---|---|---|---|---|
| MiCollab Path Traversal Vulnerability | MISA-2024-0029 | CVE-2024-41713, CVE-2024-55550 | critical | 2024-10-09 | 2024-12-12 |
| MiCollab SQL Injection Vulnerability | MISA-2024-0028 | CVE-2024-47223 | critical | 2024-10-09 | 2024-10-09 |
| MiCollab Authentication Bypass Vulnerability | MISA-2024-0027 | CVE-2024-47912 | high | 2024-10-09 | 2024-10-09 |
| MiCollab SQL Injection Vulnerability in the API Interface | MISA-2024-0026 | CVE-2024-47189 | high | 2024-10-09 | 2024-10-09 |
| MiCollab CRLF Injection Vulnerability | MISA-2024-0025 | CVE-2024-47224 | medium | 2024-10-09 | 2024-10-09 |
| MiContact Center Business Unauthorized Access Vulnerability | 24-0024 | CVE-2024-42514 | high | 2024-08-21 | 2024-10-02 |
| Unify OpenScape Business Sensitive Information Disclosure Vulnerability | OBSO-2408-01 | | medium | 2024-08-14 | 2024-08-14 |
| MiCollab Privilege Escalation Vulnerability | 24-0023 | CVE-2024-35287 | high | 2024-07-24 | 2024-07-24 |
| MiCollab Command Injection Vulnerability in the Web Conferencing Component | 24-0022 | CVE-2024-41712 | high | 2024-07-24 | 2024-07-24 |
| MiCollab Command Injection Vulnerability | 24-0021 | CVE-2024-41714 | critical | 2024-07-24 | 2024-08-13 |
| Unify OpenScape 4000 Assistant and Unify OpenScape 4000 Manager Command Injection Vulnerability | OBSO-2407-03 | | critical | 2024-07-17 | 2024-07-17 |
| Unify OpenScape 4000 and Unify OpenScape 4000 Manager Command Injection Vulnerability in the Platform Webservice | OBSO-2407-02 | | critical | 2024-07-17 | 2024-09-25 |
| Mitel 6800 Series, 6900 Series and 6900w Series SIP Phones, including 6970 Conference Unit Command Injection | 24-0020 | CVE-2024-41711 | medium | 2024-07-17 | 2024-07-30 |
| Mitel 6800 Series, 6900 Series and 6900w Series SIP Phones, including 6970 Conference Unit Command Injection in the Boot Process | 24-0019 | CVE-2024-41710 | high | 2024-07-17 | 2024-07-30 |
| PHP CGI Module Argument Injection Vulnerability | OBSO-2407-01 | CVE-2024-4577 | critical | 2024-07-10 | 2024-07-10 |
| PHP Argument Injection Vulnerability Affecting Mitel Products | 24-0018 | CVE-2024-4577 | critical | 2024-07-10 | 2024-07-10 |
| MiVoice MX-ONE Authentication Bypass Vulnerability | 24-0017 | CVE-2024-36446 | high | 2024-05-29 | 2024-05-31 |
| MiCollab Privilege Escalation Vulnerability | 24-0016 | CVE-2024-35315 | high | 2024-05-23 | 2024-06-05 |
| MiCollab Argument Injection Vulnerability | 24-0015 | CVE-2024-35314 | high | 2024-05-23 | 2024-11-06 |
| MiCollab SQL Injection Vulnerability | 24-0014 | CVE-2024-35286 | critical | 2024-05-23 | 2024-05-23 |