CVE-2024-28069

A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.0.0.4 could allow an unauthenticated attacker to conduct an information disclosure attack due to improper configuration. A successful exploit could allow an attacker to access sensitive information and potentially conduct unauthorized actions within the vulnerable component.
Configurations

Configuration 1 (hide)

cpe:2.3:a:mitel:micontact_center_business:*:*:*:*:*:*:*:*

History

02 Jun 2025, 14:19

Type Values Removed Values Added
First Time Mitel
Mitel micontact Center Business
CPE cpe:2.3:a:mitel:micontact_center_business:*:*:*:*:*:*:*:*
References () https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0001 - () https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0001 - Vendor Advisory

18 Mar 2025, 14:15

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.5

21 Nov 2024, 09:05

Type Values Removed Values Added
References () https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0001 - () https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0001 -

02 Aug 2024, 21:35

Type Values Removed Values Added
Summary
  • (es) Una vulnerabilidad en el componente de chat heredado de Mitel MiContact Center Business hasta la versión 10.0.0.4 podría permitir que un atacante no autenticado lleve a cabo un ataque de divulgación de información debido a una configuración incorrecta. Un exploit exitoso podría permitir a un atacante acceder a información confidencial y potencialmente realizar acciones no autorizadas dentro del componente vulnerable.
CWE CWE-922

16 Mar 2024, 06:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-03-16 06:15

Updated : 2025-06-02 14:19


NVD link : CVE-2024-28069

Mitre link : CVE-2024-28069

CVE.ORG link : CVE-2024-28069


JSON object : View

Products Affected

mitel

  • micontact_center_business
CWE
CWE-922

Insecure Storage of Sensitive Information