Mitel Product Security Advisory 24-0014

MiCollab SQL Injection Vulnerability

Advisory ID: 24-0014

Publish Date: 2024-05-23

Last Updated: 2024-05-23

Revision: 1.0

 

Summary

A SQL injection vulnerability has been identified in NuPoint Unified Messaging (NPM) component of Mitel MiCollab which, if successfully exploited, could allow a malicious actor to conduct a SQL injection attack.   

Mitel is recommending customers with affected product versions update to the latest release.

 

Affected Products

Security Bulletins are being issued for the following products:

 

Risk Assessment

The risk of this vulnerability is rated as Critical. Refer to the product Security Bulletin(s) for additional statements regarding risk.
 

 

Mitigation / Recommended Action

Mitel has issued new releases of the affected software. Customers are advised to update their software to the latest versions. 

For additional information, contact Product Support.

 

Related CVEs / CWEs / Advisories

CVE-2024-35286

 

Revision History

Version Date Description
1.0 2024-05-23  Initial version 
Ready to talk to sales? Contact us.