Americas
Oceania
Mitel Product Security Advisories are published for moderate and high-risk security issues. Each advisory provides
information on the status of investigation and provides additional information on products confirmed to be affected
and recommended action to be taken by customers. Advisories are posted in reverse chronological order.
This information is provided on an "as is" basis and does not grant or imply any guarantees or warranties, including
the warranties of merchantability or fitness for a particular use. Mitel does not guarantee that any of the
information is accurate or up to date. By using the information, you acknowledge and agree that your use of the
information, or the documents or materials linked to this information, is at your own risk. In addition,
Mitel’s provision of this information shall not and does not affect the terms or conditions of any agreement
with Mitel. Mitel reserves the right to change or update this information without notice at any time.
Click here for a more comprehensive details on Mitel’s Product Security Policy ›
Description | Advisory ID | CVE# | Severity | Publish Date | Last Updated |
---|---|---|---|---|---|
Microsoft Patchday March 2017: Microsoft Windows SMB Remote Code Execution vulnerabilities | OBSO-1704-01 | - | high | 2017-04-28 | 2017-05-09 |
Apache Struts2 Jakarta Multipart Parser File Upload Remote Code Execution (CVE 2017-5638) | OBSO-1703-02 | CVE 2017-5638 | info | 2017-03-31 | 2018-10-12 |
Apache Struts Remote Code Execution Vulnerability CVE-2017-5638 | 17-0004 | CVE-2017-5638 | critical | 2017-03-20 | 2017-03-20 |
CIA Hack of Siemens/ Unify telephones | OBSO-1703-01 | - | info | 2017-03-14 | 2017-03-14 |
Multiple Vulnerabilities in MiVoice Conference/Video Phone (UC360) | 17-0003 | CVE-2015-1538 CVE-2015-1539 CVE-2015-3824 CVE-2015-3826 CVE-2015-3827 CVE-2015-3828 CVE-2015-3829 CVE-2015-3864 | critical | 2017-02-15 | 2017-04-03 |
Privilege Escalation / Remote Code Execution Vulnerability in MiVoice Conference/Video Phone (UC360) | 17-0002 | CVE-2015-1538 CVE-2015-1539 CVE-2015-3824 CVE-2015-3826 CVE-2015-3827 CVE-2015-3828 CVE-2015-3829 CVE-2015-3864 | high | 2017-02-15 | 2017-02-15 |
Misuse / Potential Compromise of Certain Mitel Product Certificates | 17-0001 | CWE-321 | info | 2017-02-09 | 2017-04-03 |
SHA-1 certificates: depreciation in 2017 | OBSO-1701-01 | - | info | 2017-01-03 | 2017-01-03 |
Vulnerability in Objective Systems ASN1C (CVE-2016-5080) | 16-0020 | CVE-2016-5080 CWE-190 | critical | 2016-12-02 | 2016-12-02 |
Dirty Cow: Linux Kernel MAP_PRIVATE COW Flag Breakage Race Condition (CVE-2016-5195) | OBSO-1611-01 | CVE-2016-5195 | medium | 2016-11-07 | 2018-06-01 |
MiCollab Client Web Portal Call Service Vulnerability | 16-0018 | CWE-284 | low | 2016-11-04 | 2016-11-04 |
MiCollab Desktop Client Bypasses Windows Firewall | 16-0016 | CWE-264 | medium | 2016-11-04 | 2016-11-04 |
Unrestricted File Upload in MiCollab AWV | 16-0015 | CWE-434 | medium | 2016-11-04 | 2016-11-04 |
Leap Second on 2016-12-31 – Security Note for Unify Products | OBSO-1610-03 | - | medium | 2016-10-27 | 2016-10-27 |
CVE-2016-5195: Linux Kernel Privilege Escalation | 16-0019 | CVE-2016-5195 | high | 2016-10-27 | 2016-12-06 |
ISC BIND Nameserver Denial of Service Vulnerabilities (CVE-2016-2776/CVE-2016-2848) | OBSO-1610-02 | CVE-2016-2776, CVE-2016-2848 | medium | 2016-10-25 | 2016-10-25 |
OpenScape Xpressions – Information Exposure Vulnerability Through HTTP GET Method at Web Assistant Interface | OBSO-1610-01 | - | medium | 2016-10-18 | 2016-10-18 |
Multiple Vulnerabilities in ntpd versions < 4.2.8p8 / < 4.3.93 | 16-0014 | CVE-2016-7979 CVE-2016-4957 CVE-2016-4956 CVE-2016-4954 CVE-2016-4953 CVE-2016-2518 CVE-2016-2106 CVE-2016-1548 CVE-2016-1547 CVE-2016-1550 | high | 2016-08-02 | 2016-08-02 |
httpoxy: A CGI Application Vulnerability Affecting Multiple Web Application Languages and Services | OBSO-1607-01 | - | info | 2016-07-21 | 2016-07-27 |
Multiple Vulnerabilities in OpenSSL | 16-0013 | CVE-2016-2105 CVE-2016-2106 CVE-2016-2107 CVE-2016-2108 CVE-2016-2109 CVE-2016-2176 CVE-2016-2842 | high | 2016-07-05 | 2016-07-05 |