CVEInsight.

Free vulnerability intelligence for developers, security teams, and researchers. Data sourced from public databases for informational purposes only.

Explore

Legal

CVE data sourced from NVD / NIST & public disclosures.

mitel

micloud_management_portal

5 known vulnerabilities · sorted by CVSS score

CVE-2020-24594

CRITICAL9.6

Mitel MiCloud Management Portal before 6.1 SP5 could allow an unauthenticated attacker to execute arbitrary scripts due to insufficient input validation, aka XSS. A successful exploit could allow an attacker to gain access to a user session.

mitel / micloud_management_portal+2

Network

Published Sep 25, 2020

CVE-2020-24593

HIGH7.2

Mitel MiCloud Management Portal before 6.1 SP5 could allow a remote attacker to conduct a SQL Injection attack and access user credentials due to improper input validation.

mitel / micloud_management_portal+2

Network

Published Sep 25, 2020

CVE-2018-3639

MEDIUM5.5

Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.

intel / atom_c+625

Local

Published May 22, 2018

CVE-2020-24595

MEDIUM5.3

Mitel MiCloud Management Portal before 6.1 SP5 could allow an attacker, by sending a crafted request, to retrieve sensitive information due to insufficient access control.

mitel / micloud_management_portal+2

Network

Published Sep 25, 2020

CVE-2020-24592

MEDIUM5.3

Mitel MiCloud Management Portal before 6.1 SP5 could allow an attacker, by sending a crafted request, to view system information due to insufficient output sanitization.

mitel / micloud_management_portal+2

Network

Published Sep 25, 2020