Security Advisories

Vulnerability Intelligence Process

Product Security Advisories and Security Notes

The Product Security Team of Unify publishes Security Advisories and associated notes as part of Unify’s Vulnerability Intelligence Process.

Security Advisories are published to address security issues in Unify products and how to mitigate or solve them.

Find more information in the associated Security Policy – Vulnerability Intelligence Process (Version 1.6 / published 2023-11-29)

Subscribe to receive e-mail notifications for new or updated Unify Product Security Advisories and Security Notes by sending an email to

As part of your subscription, we will store personal data to provide information about security advisories to you. With your subscription you provide consent to the processing of your personal data. Refer to the Privacy Information Notice for Unify Security Advisories for additional information related to the processing of your personal data.

For Mitel product portfolio customers looking for security advisory information about their applications, product security vulnerabilities are published at

Follow @UnifyCoSecurity on Twitter or search for #obso

List of Security Advisories

Advisory ID Title Risk Level Release Date Last Update
OBSO-2401-02 Apache ActiveMQ OpenWire Protocol Class Type Manipulation Arbitrary Code Execution Vulnerability (CVE-2023-46604) critical to high 2024-01-10 2024-01-10
OBSO-2401-01 Path Traversal vulnerability in Atos Unify OpenScape Voice (CVE-2023-48166) high 2024-01-10 2024-01-10
OBSO-2312-01 Multiple vulnerabilities affecting Atos Unify IP Devices high to medium 2023-12-11 2023-12-15
OBSO-2310-02 Google WebP (libwebp) utils/huffman_utils.c BuildHuffmanTable() Function Stream Decoding Heap Buffer Overflow (CVE-2023-4863,CVE-2023-5129) high to medium 2023-12-11 2023-12-13
OBSO-2310-01 Argument injection vulnerability in Atos Unify OpenScape SBC and Atos Unify OpenScape Branch (CVE-2023-6269) critical 2023-10-04 2023-12-01
OBSO-2308-02 Command injection vulnerabilities in the Atos Unify OpenScape 4000 Platform and Atos Unify OpenScape 4000 Manager Platform (CVE-2023-45355/CVE-2023-45356) high 2023-08-10 2023-10-19
OBSO-2308-01 Usage of Ghostscript within Atos Unify OpenScape Xpressions high 2023-08-02 2023-08-02
OBSO-2307-01 Multiple vulnerabilities in Atos Unify OpenScape SBC, Atos Unify OpenScape Branch and Atos Unify OpenScape BCF (CVE-2023-36618/CVE-2023-36619) high 2023-07-06
OBSO-2306-02 Multiple Vulnerabilities affecting Atos Unify OpenScape Applications (CVE-2023-45352/CVE-2023-45353/CVE-2023-45354) high 2023-07-03
OBSO-2306-01 Multiple vulnerabilities affecting Atos Unify OpenScape 4000 Assistant and Atos Unify OpenScape 4000 Manager (CVE-2023-45349/CVE-2023-45350/CVE-2023-45351) high 2023-06-14
OBSO-2305-03 Multiple vulnerabilities in Atos Unify OpenScape Xpressions high to medium 2023-05-22
OBSO-2305-02 Multiple vulnerabilities affecting Atos Unify OpenScape Voice Trace Manager critical 2023-05-22
OBSO-2305-01 Multiple vulnerabilities in Atos Unify OpenScape 4000 Assistant and Atos Unify OpenScape 4000 Manager (CVE-2023- 35031/CVE-2023- 35032/CVE-2023- 35033/CVE-2023- 35034/CVE-2023- 35035) critical 2023-05-02
OBSO-2303-02 Command injection vulnerability in Atos Unify OpenScape SBC, Atos Unify OpenScape Branch and Atos Unify OpenScape BCF (CVE-2023-30638) high to medium 2023-03-28
OBSO-2303-01 Command injection vulnerability in the Atos Unify OpenScape 4000 Platform and OpenScape 4000 Manager (CVE-2023- 29473/CVE-2023- 29474/CVE-2023- 29475) critical 2023-03-20
OBSO-2211-02 Command injection vulnerability in Atos Unify OpenScape 4000 Assistant and Atos Unify OpenScape 4000 Manager (CVE-2022-46404) critical 2022-11-28
OBSO-2211-01 OpenSSL V3 buffer overflow vulnerabilities (CVE-2022-3602 and CVE-2022-3786) medium 2022-11-08
OBSO-2210-01 Apache Commons Text Insecure Interpolation Defaults Input Handling Arbitrary Code Execution (CVE-2022-42889) medium
OBSO-2209-01 Realtek eEcos SDK vulnerability (CVE-2022-27255) info
OBSO-2207-01 OpenSSL Certificate Parsing Infinite Loop Remote DoS (CVE-2022-0778) high to medium
OBSO-2206-01 Impact of critical Expat vulnerabilities on Atos Unify OpenScape Xpert
(CVE-2022-23990 / CVE-2022-23852)
high to medium
Spring Framework Remote Code Execution Vulnerability (Spring4Shell, CVE-2022-22965)
OBSO-2203-03 Path Traversal vulnerability within Atos Unify OpenScape Deployment Service high 2022-03-16 2022-03-16
OBSO-2203-02 Linux Kernel lib/iov_iter.c Multiple Functions Missing Flag Initialization Read-only File Overwrite Local Privilege Escalation (CVE-2022-0847, Dirty Pipe) medium 2022-03-16 2023-01-16
OBSO-2203-01 Remote code execution vulnerability in Atos Unify OpenScape SBC , Atos Unify OpenScape Branch and Atos Unify OpenScape BCF (CVE-2022-36444) high 2022-03-03 2022-03-14
OBSO-2202-02 Security Update Advisory for Atos Unify OpenScape Composer high 2022-02-07 2022-02-07
OBSO-2202-01 pwnkit: Local Privilege Escalation in polkit’s pkexec (CVE-2021-4034) high 2022-02-03 2022-08-12
OBSO-2201-02 Directory Traversal vulnerability in Atos Unify OpenScape Xpressions high 2022-01-24 2022-02-10
OBSO-2201-01 Apache Log4j JMSAppender Class Configuration Property Handling JNDI Lookup Local Privilege Escalation Weakness (CVE-2021-4104) medium to high 2022-01-18
OBSO-2112-01 Critical vulnerability in Apache Log4j (Log4Shell, CVE-2021-44228, CVE-2021-45046,CVE-2021-45105 high 2021-12-13 2022-06-29
OBSO-2111-01 Atos Unify OpenScape Concierge Vulnerabilities and Configuration Note high 2021-11-22 2022-01-05
OBSO-2110-01 Atos Unify Product Security Configuration Note info 2021-10-14 2021-10-14
Update of Security Checklist for Atos Unify OpenScape Alarm Response
info 2021-07-26 2021-07-26
OBSO-2107-01 Local privilege escalation vulnerability within Atos Unify OpenScape 4000 Assistant and Atos Unify OpenScape 4000 Manager medium 2021-07-01 2022-04-01
OBSO-2103-01 OpenSSL Remote Denial of Service vulnerability (CVE-2021-3449)  high 2021-03-31 2022-01-25
OBSO-2102-01 Sudo Buffer Overflow Vulnerability (CVE-2021-3156)  high 2021-02-04 2021-04-21
OBSO-2101-02 OpenScape Business S – WAN Interface Vulnerability  high 2021-01-19 2021-01-19
OBSO-2101-01 Amnesia:33 – Impact on Atos Unify Products medium to low 2021-01-08 2022-09-01
OBSO-2011-01 Input validation vulnerability within OpenScape 4000 Assistant/Manager high 2020-11-05 2020-11-05
OBSO-2009-01 SSH configuration vulnerability within OpenScape 4000 medium 2020-09-08 2021-04-14
OBSO-2006-02 OpenScape 4000 Assistant vulnerabilities medium 2020-06-10 2020-06-10
OBSO-2006-01 Input validation vulnerability within OpenScape Business high 2020-06-02 2020-06-05
OBSO-2003-02 GhostCat. Apache Tomcat Unspecified Local File Inclusion. (CVE-2020-1938) high 2020-03-12 2020-04-28
OBSO-2003-01 Apache Log4j SocketServer Class Log Data Handling Insecure Deserialization
Remote Code Execution (CVE-2019-17571)
info 2020-03-03 2020-03-13
OBSO-2002-01 OpenScape UC – Multiple vulnerabilities medium 2020-02-17 2020-02-17
OBSO-1911-02 Sudo: Privilege escalation via potential bypass of Runas user restrictions (CVE-2019-14287) info 2019-11-08 2019-11-19
OBSO-1911-01 Impact of Microsoft Advisory ADV190023 for Unify Customers (Microsoft Guidance for Enabling LDAP Channel Binding and LDAP Signing) info 2019-11-06 2020-06-10
OBSO-1908-01 VxWorks TCP/IP Network Stack (IPnet, Urgent/11) (CVE-2019-12256 to CVE-2019-12265) info 2019-08-14 2019-08-14
OBSO-1906-01 TCP SACK PANIC -Linux Kernel vulnerabilities (CVE-2019-11477, CVE-2019-11478, CVE -2019-11479, CVE-2019-5599) medium to high 2019-06-21 2019-12-17
OBSO-1905-02 Microsoft Windows Remote Desktop Services RDP Connection Request Handling
Remote Code Execution (CVE-2019-0708)
high 2019-05-16 2019-05-17
OBSO-1905-01 Apache Tomcat for Windows CGI Servlet Command Line Argument Handling Remote Code Execution (CVE-2019-0232) high 2019-05-07 2019-06-21
OBSO-1904-01 Elasticsearch Improper Permissions Name Indexing Remote Privilege Escalation (CVE-2019-7611) medium 2019-04-25 2019-04-25
OBSO-1903-02 OpenScape Desk Phones HFA and SIP CSRF and Privilege Escalation vulnerabilities medium 2019-03-13 2019-08-23
OBSO-1903-01 Google WebRTC RTCPeerConnection Object Handling Use-after-free Arbitrary Code Execution (CVE-2019-6211) medium 2019-03-04 2019-03-04
OBSO-1812-01 Spring Framework ResourceHttpRequestHandler Remote DoS (CVE-2018-15756) low 2018-12-13 2018-12-13
OBSO-1810-01 Chinese spy chips in Supermicro servers low 2018-10-08 2018-12-14
OBSO-1808-01 Faxploit: DEF CON 2018: HP OfficeJet Printer Attack (CVE-2018-5925,CVE-2018-5924) low 2018-08-22 2018-08-22
OBSO-1807-01 OpenScape Business Root Access high 2018-07-30 2018-07-30
OBSO-1806-03 Zip Slip (CVE-2018-8009) medium 2018-06-28 2018-10-18
OBSO-1806-02 Electron Custom Protocol Handler Processing Arbitrary Command Injection (CVE-2018-1000006, CVE-2018-1000118) medium 2018-06-28 2018-06-28
OBSO-1806-01 Electron webview Options Object Remote Node.js Integration Manipulation (CVE-2018-1000136) medium 2018-06-05 2018-06-05
OBSO-1805-01 Spring Framework spring-messaging Module Message Handling Remote Code Execution (CVE-2018-1270, CVE-2018-1275) high 2018-05-24 2018-06-01
OBSO-1801-01 Intel processor flaw: Meltdown and Spectre vulnerabilities (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754) medium 2018-01-04 2019-06-21
OBSO-1712-01 OpenStage and OpenScape Desk Phones: Web Based Management pages access without
admin password
medium 2017-12-13 2017-12-13
OBSO-1711-01 WPA2 Protocol Four-way Handshake Handling MitM Issue (KRACK attack) medium 2017-11-03 2018-02-21
OBSO-1710-01 Linux Kernel bluetooth Remote Stack Buffer Overflow (BlueBorne) (CVE-2017-1000251) medium 2017-10-06 2017-11-03
OBSO-1709-02 RTPproxy NAT Functionality RTP Traffic Handling Remote Packet Disclosure (RTP Bleed)
info 2017-09-28 2017-09-28
OBSO-1709-01 curl / libcurl Function TFTP File Name Handling Out-of-bounds Read Issue (CVE-2017-1000100) info 2017-09-21 2017-09-21
OBSO-1708-01 Linux Kernel Stack Guard Page Security Feature Bypass Weakness (CVE-2017-1000364) medium 2017-08-02 2020-02-06
OBSO-1704-01 Microsoft Patchday March 2017: Microsoft Windows SMB Remote Code Execution vulnerabilities high 2017-04-28 2017-05-09
OBSO-1703-02 Apache Struts2 Jakarta Multipart Parser File Upload Remote Code Execution (CVE 2017-5638) info 2017-03-31 2018-10-12
OBSO-1703-01 CIA Hack of Siemens/ Unify telephones Info 2017-03-14 2017-03-14
OBSO-1701-01 SHA-1 certificates: depreciation in 2017 info 2017-01-03 2017-01-03
OBSO-1611-01 Dirty Cow: Linux Kernel MAP_PRIVATE COW Flag Breakage Race Condition (CVE-2016-5195) medium 2016-11-07 2018-06-01
OBSO-1610-03 Leap Second on 2016-12-31 – Security Note for Unify Products medium 2016-10-27 2016-10-27
OBSO-1610-02 ISC BIND Nameserver Denial of Service Vulnerabilities (CVE-2016-2776, CVE-2016-2848) medium 2016-10-25 2016-10-25
OBSO-1610-01 OpenScape Xpressions – Information Exposure Vulnerability Through HTTP GET Method at Web Assistant Interface medium 2016-10-18 2016-10-18
OBSO-1607-01 httpoxy: A CGI Application Vulnerability Affecting Multiple Web Application Languages and Services info 2016-07-21 2016-07-27
OBSO-1603-02 DROWN: Breaking TLS using SSLv2 (CVE-2016-0800) info 2016-03-02 2016-10-21
OBSO-1603-01 Unify SLES 11-based Server Applications – Support of SLES 11 SP4 info 2016-03-01 2016-03-01
OBSO-1602-02 Glibc libresolv – Stack-based Buffer Overflow Vulnerability (CVE-2015-7547) high 2016-02-19 2016-04-29
OBSO-1602-01 OpenScape Accounting Management – Virus Alert in Installation Procedure info 2016-02-05 2016-09-29
OBSO-1601-01 OpenSSH Client Information Leak Vulnerability (CVE-2016-0777) low 2016-01-26 2016-04-04
OBSO-1512-04 Apache Tomcat Denial of Service Vulnerability in ChunkedInputFilter (CVE-2014-0227) medium 2015-12-30 2016-01-22
OBSO-1512-03 OpenSSH Login Handling Security Bypass Vulnerability (CVE-2015-5600) medium 2015-12-30 2016-10-25
OBSO-1512-02 Multiple Unify Products – TLS Denial of Service Vulnerability in OpenSSL Certificate Verification (CVE-2015-3194) medium 2015-12-23 2018-03-27
OBSO-1512-01 OpenScape Voice – MTLS-SIP Denial of Service Vulnerability in OpenSSL Certificate Verification (CVE-2015-0286) medium 2015-12-23 2015-12-23
OBSO-1511-02 Non-unique X.509 certificates in OpenStage / OpenScape Desk Phone IP (CVE-2015-8251) medium 2015-11-30 2015-11-30
OBSO-1511-01 Deserialisation of Java-objects – Vulnerability in Applications involving Apache Commons-Collections Classes (CVE-2015-8237, CVE-2015-8238) high 2015-11-17 2016-01-22
OBSO-1510-01 OpenScape Xpressions – unauthorized external calls via guest access (CVE-2015-7693) medium 2015-10-26 2016-05-13
OBSO-1508-02 OpenStage 60 / OpenScape Desk Phone IP 55G – Local service exposure vulnerability (CVE-2015-5391) medium 2015-08-13 2015-08-13
OBSO-1508-01 OpenScape Contact Center CDSS – Multiple vulnerabilities fixed in V8 R2.10.11192 medium 2015-08-05 2015-08-05
OBSO-1505-03 OpenScape UC Web Client and Desktop Client – Cross-Site Scripting (XSS) Vulnerability medium 2015-05-22 2015-05-22
OBSO-1505-02 OpenStage / OpenScape Desk Phone IP – HTTP header parsing vulnerability (CVE-2014-9708) medium 2015-05-08 2015-08-13
OBSO-1505-01 Leap Second on 2015-06-30 – Security Note for Unify Products info 2015-05-21 2015-05-21
OBSO-1503-02 Samba smbd – Remote Code Execution Vulnerability in netlogon server (CVE-2015-0240) high 2015-03-31 2015-03-31
OBSO-1503-01 OpenScape SBC V8 – SIP Authentication Bypass Vulnerability (CVE-2015-2057) high 2015-03-03 2015-03-24
OBSO-1501-04 GNU glibc Remote Buffer Overflow Vulnerability in gethostbyname – “Ghost” (CVE-2015-0235) low 2015-01-31 2016-10-10
OBSO-1501-03 OpenScape Business UC Suite – SQL Injection Vulnerability (CVE-2015-1183) high 2015-01-27 2015-01-27
OBSO-1501-02 OpenStage / OpenScape Desk Phone IP – Input Validation Vulnerability via Web Interface
low 2015-02-26 2015-02-26
OBSO-1501-01 OpenStage / OpenScape Desk Phone IP – Authentication Bypass Vulnerability in WPI Default Mode (CVE-2015-1184) high 2015-01-20 2015-03-24
OBSO-1412-03 Hardening of the Intelligent Platform Management Interface (IPMI) on Unify Servers info 2014-12-31 2014-12-31
OBSO-1412-02 NTP – Multiple Stack Based Buffer Overflow Vulnerabilities (CVE-2014-9295) medium 2014-12-23 2015-01-27
OBSO-1412-01 Microsoft Windows Remote Code Execution Vulnerability in Schannel (“Winshock”, MS14-066, CVE-2014-6321) high 2014-12-01 2015-06-16
OBSO-1410-03 OpenScape Business – Getting Root Access low 2014-10-24 2014-10-26
OBSO-1410-02 SSL 3.0 “POODLE” vulnerability (CVE-2014-3566) low 2014-10-17 2014-10-17
OBSO-1410-01 OpenStage / OpenScape Desk Phone IP – Authentication Bypass Vulnerability in web-based management (CVE-2014-7950) high 2014-10-10 2014-10-10
OBSO-1409-01 Bash – Remote Command Injection Vulnerability “Shellshock” (CVE-2014-6271, CVE-2014 7169 et al.) high 2014-09-27 2015-07-28
OBSO-1408-04 Java in Unify products – RSA private key timing attack vulnerability (CVE-2014-4244) and failure to validate public Diffie-Hellman parameters (CVE-2014-4263) low 2014-08-26 2015-08-21
OBSO-1408-03 OpenScape Web Collaboration – Two Cross Site Scripting (XSS) vulnerabilities medium 2014-08-25 2014-08-25
OBSO-1408-02 OpenScape Deployment Service – Hardening of the TLS-based Workpoint Interface info 2014-08-22 2015-01-31
OBSO-1408-01 openSSL TLS Client Denial of Service vulnerability (CVE-2014-3509) low 2014-08-12 2014-09-26
OBSO-1407-03 OpenStage / OpenScape Desk Phone IP – Information Exposure Vulnerability in web-based management medium 2014-07-24 2014-07-24
OBSO-1407-02 HiPath 4000 V6 – Security Updates for the Gateway Web Interface medium 2014-07-23 2014-07-23
OBSO-1407-01 NTP Distributed Reflection Denial-of-Service (DRDoS) attack via the monlist feature (CVE-2013-5211) medium 2014-07-25 2014-07-25
OBSO-1406-01 openSSL ChangeCipherSpec Injection Vulnerability (CVE-2014-0224) and FLUSH+RELOAD Cache Side-channel Attack (CVE-2014-0076) medium 2014-06-06 2015-07-28
OBSO-1404-02 openSSL “Heartbleed” Vulnerability (CVE-2014-0160) medium 2014-04-11 2014-05-02
OBSO-1404-02-A Impact of the “Heartbleed” vulnerability to third-party products (CVE-2014-0160) info 2014-04-18 2014-05-02
OBSO-1404-01 OpenScape Deployment Service – Blind SQL Injection Vulnerability (CVE-2014-2652) medium 2014-04-11 2014-04-11
OBSO-1403-02 OpenStage / OpenScape Desk Phone IP – Authentication Bypass Vulnerability in WPI Default Mode (CVE-2014-2651) high 2014-03-28 2014-03-28
OBSO-1403-01 OpenStage / OpenScape Desk Phone IP (SIP) – OS command Injection Vulnerability in web-based management (CVE-2014-2650) high 2014-03-28 2014-03-28
OBSO-1402-01 Mediatrix 4400 Series – Cross-site scripting (XSS) vulnerability (CVE-2014-1612) medium 2014-02-07 2014-02-07
OBSO-1401-05 OpenScape UC Applications – Cross-site Scripting Vulnerability medium 2014-01-31 2014-01-31
OBSO-1401-04 OpenScape Deployment Service – SQL Injection Vulnerability high 2014-01-31 2014-01-31
OBSO-1401-03 HiPath 4000/OpenScape 4000 – Unauthenticated write access to file system medium 2014-01-31 2014-01-31
OBSO-1401-02 Informational – Expiry of Default Root CA Certificate in OpenScape Solutions info 2014-01-28 2014-01-28
OBSO-1401-01 OpenScape Voice V6 – Multiple Vulnerabilities in Operating System and Java Components medium 2014-01-15 2014-01-15
OBSO-1312-02 OpenScape Voice Trace Manager – Multiple Vulnerabilities in PHP medium 2013-12-20 2013-12-20
OBSO-1312-01 OpenStage HFA/SIP – Cross-site scripting vulnerability in web-based management medium 2013-12-16 2013-12-16
OBSO-1307-02 OpenScape Branch/SBC – Nameserver vulnerabilities (CVE-2012-4244, CVE-2012-5166, CVE-2013-2266) high 2013-07-26 2013-07-26
OBSO-1307-01 OpenScape Voice V7 R1 – Multiple Vulnerabilities in Operating System and Java Components high 2013-07-24 2013-12-06
OBSO-1306-02 OpenStage Cloud Diagnostic Data Collector – PHP and Web Server Vulnerabilities (CVE-2013-1643, CVE-2012-3499) medium 2013-06-17 2013-06-17
OBSO-1306-01 OpenScape Branch / OpenScape SBC – Multiple Web Interface Vulnerabilities high 2013-06-12 2013-11-08
OBSO-1305-01 PostgreSQL Security Updates for Multiple Products (CVE-2013-1899) high 2013-05-07 2013-11-08
OBSO-1202-01 Linux Kernel Privilege Escalation Vulnerability (CVE-2012-0056) info 2012-02-01 2013-11-08
OBSO-1108-02 OpenScape UC Application – local access vulnerability via Web Client high 2011-08-23 2011-12-08
OBSO-1108-01 OpenStage – password accessible in cleartext on webbased interface low 2011-08-22 2011-08-22
OBSO-1106-01 Allied Telesis divulges secret backdoor info 2011-06-07 2013-11-08
OBSO-1011-01 OpenStage – configuration data readable by unauthorized users medium 2010-11-30 2010-11-30
OBSO-1010-03 Impact of the Stuxnet worm to Unify systems info 2010-10-25 2013-11-08
OBSO-1010-02 Arbitrary code execution at Manager-E medium 2010-10-15 2010-10-26
OBSO-1010-01 Enabled VxWorks debug service high 2010-10-15 2010-10-15