CVE-2023-22854

CRITICAL Year: 2023
CVSS v3 Score
9.1
Critical
Weakness Type
CWE-839
View all →

Vulnerability Description

The ccmweb component of Mitel MiContact Center Business server 9.2.2.0 through 9.4.1.0 could allow an unauthenticated attacker to download arbitrary files, due to insufficient restriction of URL parameters. A successful exploit could allow access to sensitive information.

Related Vulnerabilities

CVE-2019-20925

HIGH
CVSS:7.5(High)

An unauthenticated client can trigger denial of service by issuing specially crafted wire protocol messages, which cause the message decompressor to incorrectly allocate memory. This issue affects Mon...

CWE-8392019

CVE-2023-0425

HIGH
CVSS:7.5(High)

ABB is aware of vulnerabilities in the product versions listed below. An update is available that resolves the reported vulnerabilities in the product versions under maintenance. An attacker who succe...

CWE-8392023

CVE-2019-20925

HIGH
CVSS:7.5(High)

An unauthenticated client can trigger denial of service by issuing specially crafted wire protocol messages, which cause the message decompressor to incorrectly allocate memory. This issue affects Mon...

CWE-8392019

CVE-2023-0425

HIGH
CVSS:7.5(High)

ABB is aware of vulnerabilities in the product versions listed below. An update is available that resolves the reported vulnerabilities in the product versions under maintenance. An attacker who succe...

CWE-8392023