📦

cmg_suite

Vendor: mitel

Actively Exploited 0 CISA KEV List

PoC / Exploits 0 Code Available

Total RCEs 0 Remote Access

Total CVEs 3 Total Indexed

Avg. EPSS 1.43% Exploit Prob.

Latest CVE CVE-2018-18285 Apr 25

Security Vulnerability Index

Page 1 / 1

9.8 CVSS

CVE-2018-18285

SQL injection vulnerabilities in CMG Suite 8.4 SP2 and earlier, could allow an unauthenticated attacker to conduct an SQL injection attack due to insufficient input validation for the login interface. A successful exploit could allow an attacker to extract sensitive information from the database and execute arbitrary scripts.

EPSS: 0.60%

Severity: CRITICAL

Apr 25, 2019

9.8 CVSS

CVE-2018-18286

SQL injection vulnerabilities in CMG Suite 8.4 SP2 and earlier, could allow an unauthenticated attacker to conduct an SQL injection attack due to insufficient input validation for the changepwd interface. A successful exploit could allow an attacker to extract sensitive information from the database and execute arbitrary scripts.

EPSS: 0.60%

Severity: CRITICAL

Apr 25, 2019

9.8 CVSS

CVE-2018-19275

The BluStar component in Mitel InAttend before 2.5 SP3 and CMG before 8.4 SP3 Suite Servers has a default password, which could allow remote attackers to gain unauthorized access and execute arbitrary scripts with potential impacts to the confidentiality, integrity and availability of the system.

EPSS: 3.10%

Severity: CRITICAL

Apr 02, 2019

Displaying 3 of 3 Total Entries

Total 1 Sections