Mitel Product Security Advisories are published for moderate and high-risk security issues. Each advisory provides
information on the status of investigation and provides additional information on products confirmed to be affected
and recommended action to be taken by customers. Advisories are posted in reverse chronological order.
For Unify product portfolio customers looking for security advisory information about their applications, product security vulnerabilities are published at unify.com/en/support/security-advisories.
This information is provided on an "as is" basis and does not grant or imply any guarantees or warranties, including
the warranties of merchantability or fitness for a particular use. Mitel does not guarantee that any of the
information is accurate or up to date. By using the information, you acknowledge and agree that your use of the
information, or the documents or materials linked to this information, is at your own risk. In addition,
Mitel’s provision of this information shall not and does not affect the terms or conditions of any agreement
with Mitel. Mitel reserves the right to change or update this information without notice at any time.
Click here for a more comprehensive details on Mitel’s Product Security Policy ›
Description | Advisory ID | CVE# | Severity | Publish Date | Last Updated |
---|---|---|---|---|---|
MiVoice Connect Mobility Router Command Injection Vulnerability | 23-0007 | CVE-2023-31460 | high | 2023-05-17 | 2023-05-17 |
MiVoice Connect Mobility Router Default Password Vulnerability | 23-0006 | CVE-2023-31459 | high | 2023-05-17 | 2023-05-17 |
MiVoice Connect Default Password Vulnerability | 23-0005 | CVE-2023-31458 | critical | 2023-05-17 | 2023-05-17 |
MiVoice Connect Improper Access Control Vulnerability | 23-0004 | CVE-2023-31457 CVE-2023-32748 | critical | 2023-05-17 | 2023-05-17 |
MiVoice Connect Reflected Cross-site Scripting Vulnerability | 23-0003 | CVE-2023-25598 CVE-2023-25599 | medium | 2023-05-17 | 2023-05-17 |
MiCollab Authentication Vulnerability | 23-0002 | CVE-2023-25597 | medium | 2023-04-05 | 2023-04-05 |
MiContact Center Business Local File Inclusion Vulnerability | 23-0001 | CVE-2023-22854 | high | 2023-01-18 | 2023-01-18 |
Mitel MiCollab Authorization Control Vulnerability | 22-0009 | CVE-2022-41326 | critical | 2022-10-12 | 2022-10-12 |
MiVoice Connect Code Injection Vulnerability | 22-0008 | CVE-2022-41223 | medium | 2022-10-12 | 2022-10-13 |
MiVoice Connect Command Injection Vulnerability | 22-0007 | CVE-2022-40765 | medium | 2022-10-12 | 2022-10-13 |
Mitel MiCollab Multiple Security Vulnerabilities | 22-0006 | CVE-2022-36451 CVE-2022-36452 CVE-2022-36453 CVE-2022-36454 | medium | 2022-07-27 | 2022-08-29 |
MiVoice Business, MiVoice Business Express Buffer Overflow Vulnerability | 22-0005 | CVE-2022-31784 | critical | 2022-06-08 | 2022-06-08 |
Mitel 6800 Series SIP Phone and 6900 Series SIP Phone Access Control Vulnerability | 22-0004 | CVE-2022-29855 | medium | 2022-05-03 | 2022-05-03 |
Mitel 6900 Series IP Phone Access Control Vulnerability | 22-0003 | CVE-2022-29854 | medium | 2022-05-03 | 2022-05-12 |
MiVoice Connect Data Validation Vulnerability | 22-0002 | CVE-2022-29499 | critical | 2022-04-19 | 2022-07-06 |
MiCollab, MiVoice Business Express Access Control Vulnerability | 22-0001 | CVE-2022-26143 | critical | 2022-02-22 | 2022-03-11 |
Vulnerability in Apache Log4j Libraries Affecting Mitel Products | 21-0010 | CVE-2021-44228 CVE-2021-45046 CVE-2021-45105 CVE-2021-44832 CVE-2021-4104 CVE-2022-23302 CVE-2022-23305 CVE-2022-23307 | critical | 2021-12-13 | 2022-11-16 |
Mitel Interaction Call Recording Vulnerability | 21-0006 | CVE-2021-37586 | medium | 2021-08-02 | 2021-08-02 |
Mitel MiCollab Multiple Security Vulnerabilities | 21-0005 | CVE-2021-32067 CVE-2021-32072 CVE-2021-32068 CVE-2021-32071 CVE-2021-32069 CVE-2021-32070 | high to medium | 2021-05-24 | 2021-05-24 |
Mitel MiCollab Multiple Security Vulnerabilities | 21-0004 | CVE-2021-27402 CVE-2021-27401 | medium | 2021-03-09 | 2021-03-09 |