Mattia Reggiani

**Name of the Vulnerable Software and Affected Versions** IP Office versions 10.0 through 10.1 SP3 IP Office versions 11.0 prior to 11.0 SP1 **Description** A stored cross site scripting issue in the one-x Portal component of IP Office could allow an authenticated user to perform attacks via fields in the Conference Scheduler Service, potentially affecting other application users. **Recommendations** For IP Office versions 10.0 through 10.1 SP3, update to a version after 10.1 SP3 to resolve the issue. For IP Office versions 11.0 prior to 11.0 SP1, update to 11.0 SP1 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: Mitel MiVoice 5330e (affected versions not specified) Description: The issue is related to memory corruption flaws in the SIP/SDP packet handling functionality. An attacker can exploit this remotely by sending a particular pattern of SIP/SDP packets, potentially causing a denial of service state in the affected devices and possibly allowing remote code execution. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.