Americas
Oceania
Mitel Product Security Advisories are published for moderate and high-risk security issues. Each advisory provides
information on the status of investigation and provides additional information on products confirmed to be affected
and recommended action to be taken by customers. Advisories are posted in reverse chronological order.
This information is provided on an "as is" basis and does not grant or imply any guarantees or warranties, including
the warranties of merchantability or fitness for a particular use. Mitel does not guarantee that any of the
information is accurate or up to date. By using the information, you acknowledge and agree that your use of the
information, or the documents or materials linked to this information, is at your own risk. In addition,
Mitel’s provision of this information shall not and does not affect the terms or conditions of any agreement
with Mitel. Mitel reserves the right to change or update this information without notice at any time.
Click here for a more comprehensive details on Mitel’s Product Security Policy ›
Description | Advisory ID | CVE# | Severity | Publish Date | Last Updated |
---|---|---|---|---|---|
Side-Channel Analysis, Spectre Variant 4 and 3a | 18-0006 | CVE-2018-3640 | medium | 2018-05-23 | 2018-06-26 |
Mitel for Salesforce XSS Vulnerability | 18-0005 | N/A | high | 2018-03-06 | 2018-03-06 |
Connect OnSite and ST 14.2 Multiple PHP Vulnerabilities | 18-0004 | CVE-2018-5779 CVE-2018-5780 CVE-2018-5781 CVE-2018-5782 CVE-2017-16250 CVE-2017-16251 | high | 2018-03-06 | 2018-03-06 |
MiVoice Connect and ST 14.2 SQL Injection and Reflected XSS Vulnerabilities | 18-0003 | CVE-2018-9101 CVE-2018-9102 CVE-2018-9103 CVE-2018-9104 | medium | 2018-01-31 | 2018-01-31 |
XML External Entity (XXE) Vulnerability in MiCollab AWV | 18-0002 | CWE-918 | high | 2018-01-31 | 2018-01-31 |
Side-Channel Analysis Vulnerabilities | 18-0001 | CVE-2017-5715 CVE-2017-5753 CVE-2017-5754 | medium | 2018-01-08 | 2018-05-08 |
Intel processor flaw: Meltdown and Spectre vulnerabilities (CVE-2017-5715/CVE-2017-5753/ CVE-2017-5754) | OBSO-1801-01 | CVE-2017-5715, CVE-2017-5753, CVE-2017-5754 | medium | 2018-01-04 | 2019-06-21 |
OpenStage and OpenScape Desk Phones: Web Based Management pages access without admin password | OBSO-1712-01 | - | medium | 2017-12-13 | 2017-12-13 |
SSRF/XSPA Vulnerability in MiContact Center Business | 17-0012 | CWE-918 | high | 2017-12-08 | 2017-12-08 |
WPA2 Protocol Four-way Handshake Handling MitM Issue (KRACK attack) | OBSO-1711-01 | - | medium | 2017-11-03 | 2018-02-21 |
Vulnerability in MiCollab Microsoft Outlook Plugin | 17-0011 | N/A | high | 2017-10-30 | 2017-10-30 |
Linux Kernel bluetooth Remote Stack Buffer Overflow (BlueBorne) (CVE-2017-1000251) | OBSO-1710-01 | CVE-2017-1000251 | medium | 2017-10-06 | 2017-11-03 |
RTPproxy NAT Functionality RTP Traffic Handling Remote Packet Disclosure (RTP Bleed) (CVE-2017-14114) | OBSO-1709-02 | CVE-2017-14114 | info | 2017-09-28 | 2017-09-28 |
curl / libcurl Function TFTP File Name Handling Out-of-bounds Read Issue (CVE-2017-1000100) | OBSO-1709-01 | CVE-2017-1000100 | info | 2017-09-21 | 2017-09-21 |
Multiple Vulnerabilities in MiCollab and MiCollab AWV | 17-0010 | CWE-20 CWE-79 CWE-93 CWE-307 | high | 2017-09-14 | 2017-09-14 |
Linux Kernel Stack Guard Page Security Feature Bypass Weakness (CVE-2017-1000364) | OBSO-1708-01 | CVE-2017-1000364 | medium | 2017-08-02 | 2020-02-06 |
SMB1 Remote Code Execution | 17-0009 | CWE-306 CWE-862 | high | 2017-06-05 | 2017-06-05 |
OpenSSL Vulnerabilities in MiCollab Desktop Applications | 17-0008 | CVE-2016-2183 CVE-2014-0160 | high | 2017-06-05 | 2017-06-05 |
Unauthorized Access to MiCollab Client | 17-0006 | CWE-306 CWE-862 | high | 2017-06-05 | 2017-06-05 |
WannaCry Ransomware Attack | 17-0007 | N/A | high | 2017-05-23 | 2017-05-23 |