SECURITY ADVISORIES

Mitel Product Security Advisories are published for moderate and high-risk security issues. Each advisory provides information on the status of investigation and provides additional information on products confirmed to be affected and recommended action to be taken by customers. Advisories are posted in reverse chronological order.


This information is provided on an "as is" basis and does not grant or imply any guarantees or warranties, including the warranties of merchantability or fitness for a particular use. Mitel does not guarantee that any of the information is accurate or up to date. By using the information, you acknowledge and agree that your use of the information, or the documents or materials linked to this information, is at your own risk. In addition, Mitel’s provision of this information shall not and does not affect the terms or conditions of any agreement with Mitel. Mitel reserves the right to change or update this information without notice at any time.

Click here for a more comprehensive details on Mitel’s Product Security Policy ›


STAY ONE STEP AHEAD

GET NOTIFICATIONS OF THE LATEST SECURITY ADVISORIES SENT RIGHT TO YOUR INBOX EVERY WEEK!

Description Advisory ID CVE# Severity Publish Date Last Updated
MiVoice Connect Reflected Cross-site Scripting Vulnerability 23-0003 CVE-2023-25598 CVE-2023-25599 medium 2023-05-17 2023-05-17
Multiple vulnerabilities in Atos Unify OpenScape 4000 Assistant and Atos Unify OpenScape 4000 Manager (CVE-2023- 35031/CVE-2023- 35032/CVE-2023- 35033/CVE-2023- 35034/CVE-2023- 35035) OBSO-2305-01 CVE-2023-35031, CVE-2023-35032, CVE-2023-35033, CVE-2023-35034, CVE-2023-35035 critical 2023-05-02 2023-06-16
MiCollab Authentication Vulnerability 23-0002 CVE-2023-25597 medium 2023-04-05 2023-04-05
Command injection vulnerability in Atos Unify OpenScape SBC, Atos Unify OpenScape Branch and Atos Unify OpenScape BCF (CVE-2023-30638) OBSO-2303-02 CVE-2023-30638 high to medium 2023-03-28 2023-05-08
Command injection vulnerability in the Atos Unify OpenScape 4000 Platform and OpenScape 4000 Manager (CVE-2023- 29473/CVE-2023- 29474/CVE-2023- 29475) OBSO-2303-01 CVE-2023-29473, CVE-2023-29474, CVE-2023-29475 critical 2023-03-20 2023-06-16
MiContact Center Business Local File Inclusion Vulnerability 23-0001 CVE-2023-22854 high 2023-01-18 2023-01-18
Command injection vulnerability in Atos Unify OpenScape 4000 Assistant and Atos Unify OpenScape 4000 Manager (CVE-2022-46404) OBSO-2211-02 CVE-2022-46404 critical 2022-11-28 2022-11-28
OpenSSL V3 buffer overflow vulnerabilities (CVE-2022-3602/CVE-2022-3786) OBSO-2211-01 CVE-2022-3602, CVE-2022-3786 medium 2022-11-08 2022-12-08
Apache Commons Text Insecure Interpolation Defaults Input Handling Arbitrary Code Execution (CVE-2022-42889) OBSO-2210-01 CVE-2022-42889 medium 2022-10-26 2023-09-28
Mitel MiCollab Authorization Control Vulnerability 22-0009 CVE-2022-41326 critical 2022-10-12 2022-10-12
MiVoice Connect Code Injection Vulnerability 22-0008 CVE-2022-41223 medium 2022-10-12 2022-10-13
MiVoice Connect Command Injection Vulnerability 22-0007 CVE-2022-40765 medium 2022-10-12 2022-10-13
Realtek eEcos SDK vulnerability (CVE-2022-27255) OBSO-2209-01 CVE-2022-27255 info 2022-09-05 2022-10-26
Mitel MiCollab Multiple Security Vulnerabilities 22-0006 CVE-2022-36451 CVE-2022-36452 CVE-2022-36453 CVE-2022-36454 medium 2022-07-27 2022-08-29
OpenSSL Certificate Parsing Infinite Loop Remote DoS (CVE-2022-0778) OBSO-2207-01 CVE-2022-0778 high to medium 2022-07-14 2023-01-31
Impact of critical Expat vulnerabilities on Atos Unify OpenScape Xpert (CVE-2022-23990/CVE-2022-23852) OBSO-2206-01 CVE-2022-23990, CVE-2022-23852 high to medium 2022-06-29 2022-06-29
MiVoice Business, MiVoice Business Express Buffer Overflow Vulnerability 22-0005 CVE-2022-31784 critical 2022-06-08 2022-06-08
Mitel 6800 Series SIP Phone and 6900 Series SIP Phone Access Control Vulnerability 22-0004 CVE-2022-29855 medium 2022-05-03 2022-05-03
Mitel 6900 Series IP Phone Access Control Vulnerability 22-0003 CVE-2022-29854 medium 2022-05-03 2022-05-12
MiVoice Connect Data Validation Vulnerability 22-0002 CVE-2022-29499 critical 2022-04-19 2022-07-06
Ready to talk to sales? Contact us.