Mitel Product Security Advisories are published for moderate and high-risk security issues. Each advisory provides
information on the status of the investigation, the products confirmed to be affected,
and the recommended action to be taken by customers. Advisories are posted in reverse chronological order.
For Unify product portfolio customers looking for security advisory information about their applications, product security vulnerabilities are published at unify.com/en/support/security-advisories.
This information is provided on an "as is" basis and does not grant or imply any guarantees or warranties, including
the warranties of merchantability or fitness for a particular use. Mitel does not guarantee that any of the
information is accurate or up to date. By using the information, you acknowledge and agree that your use of the
information, or the documents or materials linked to this information, is at your own risk. In addition,
Mitel’s provision of this information shall not and does not affect the terms or conditions of any agreement
with Mitel. Mitel reserves the right to change or update this information without notice at any time.
Description | Advisory ID | CVE# | Severity | Publish Date | Last Updated |
---|---|---|---|---|---|
SSRF/XSPA Vulnerability in MiContact Center Business | 17-0012 | CWE-918 | high | 2017-12-08 | 2017-12-08 |
Vulnerability in MiCollab Microsoft Outlook Plugin | 17-0011 | N/A | high | 2017-10-30 | 2017-10-30 |
Multiple Vulnerabilities in MiCollab and MiCollab AWV | 17-0010 | CWE-20 CWE-79 CWE-93 CWE-307 | high | 2017-09-14 | 2017-09-14 |
SMB1 Remote Code Execution | 17-0009 | CWE-306 CWE-862 | high | 2017-06-05 | 2017-06-05 |
OpenSSL Vulnerabilities in MiCollab Desktop Applications | 17-0008 | CVE-2016-2183 CVE-2014-0160 | high | 2017-06-05 | 2017-06-05 |
Unauthorized Access to MiCollab Client | 17-0006 | CWE-306 CWE-862 | high | 2017-06-05 | 2017-06-05 |
WannaCry Ransomware Attack | 17-0007 | N/A | high | 2017-05-23 | 2017-05-23 |
Apache Struts Remote Code Execution Vulnerability CVE-2017-5638 | 17-0004 | CVE-2017-5638 | critical | 2017-03-20 | 2017-03-20 |
Multiple Vulnerabilities in MiVoice Conference/Video Phone (UC360) | 17-0003 | CVE-2015-1538 CVE-2015-1539 CVE-2015-3824 CVE-2015-3826 CVE-2015-3827 CVE-2015-3828 CVE-2015-3829 CVE-2015-3864 | critical | 2017-02-15 | 2017-04-03 |
Privilege Escalation / Remote Code Execution Vulnerability in MiVoice Conference/Video Phone (UC360) | 17-0002 | CVE-2015-1538 CVE-2015-1539 CVE-2015-3824 CVE-2015-3826 CVE-2015-3827 CVE-2015-3828 CVE-2015-3829 CVE-2015-3864 | high | 2017-02-15 | 2017-02-15 |
Misuse / Potential Compromise of Certain Mitel Product Certificates | 17-0001 | CWE-321 | info | 2017-02-09 | 2017-04-03 |
Vulnerability in Objective Systems ASN1C (CVE-2016-5080) | 16-0020 | CVE-2016-5080 CWE-190 | critical | 2016-12-02 | 2016-12-02 |
MiCollab Client Web Portal Call Service Vulnerability | 16-0018 | CWE-284 | low | 2016-11-04 | 2016-11-04 |
MiCollab Desktop Client Bypasses Windows Firewall | 16-0016 | CWE-264 | medium | 2016-11-04 | 2016-11-04 |
Unrestricted File Upload in MiCollab AWV | 16-0015 | CWE-434 | medium | 2016-11-04 | 2016-11-04 |
CVE-2016-5195: Linux Kernel Privilege Escalation | 16-0019 | CVE-2016-5195 | high | 2016-10-27 | 2016-12-06 |
Multiple Vulnerabilities in ntpd versions < 4.2.8p8 / < 4.3.93 | 16-0014 | CVE-2016-7979 CVE-2016-4957 CVE-2016-4956 CVE-2016-4954 CVE-2016-4953 CVE-2016-2518 CVE-2016-2106 CVE-2016-1548 CVE-2016-1547 CVE-2016-1550 | high | 2016-08-02 | 2016-08-02 |
Multiple Vulnerabilities in OpenSSL | 16-0013 | CVE-2016-2105 CVE-2016-2106 CVE-2016-2107 CVE-2016-2108 CVE-2016-2109 CVE-2016-2176 CVE-2016-2842 | high | 2016-07-05 | 2016-07-05 |
XSS Vulnerability in MiCollab AWV | 16-0012 | N/A | high | 2016-06-03 | 2016-06-03 |
Multiple Vulnerabilities in ImageMagick | 16-0011 | CVE-2016-3714 CVE-2016-3715 CVE-2016-3716 CVE-2016-3717 CVE-2016-3718 | high | 2016-05-09 | 2016-06-03 |