Mitel Product Security Advisory 24-0014
Mitel Product Security Advisory 24-0014
MiCollab SQL Injection Vulnerability
Advisory ID: 24-0014
Publish Date: 2024-05-23
Last Updated: 2024-05-23
Revision: 1.0
Summary
A SQL injection vulnerability has been identified in NuPoint Unified Messaging (NPM) component of Mitel MiCollab which, if successfully exploited, could allow a malicious actor to conduct a SQL injection attack.
Mitel is recommending customers with affected product versions update to the latest release.
Affected Products
Security Bulletins are being issued for the following products:
| Product Name | Product Version | Security Bulletin | Last Updated |
|---|---|---|---|
| MiCollab | 9.8.0.33 and earlier | 24-0014-001 | 2024-05-23 |
Risk Assessment
The risk of this vulnerability is rated as Critical. Refer to the product Security Bulletin(s) for additional statements regarding risk.
Mitigation / Recommended Action
Mitel has issued new releases of the affected software. Customers are advised to update their software to the latest versions.
For additional information, contact Product Support.
Related CVEs / CWEs / Advisories
CVE-2024-35286
Revision History
| Version | Date | Description |
|---|---|---|
| 1.0 | 2024-05-23 | Initial version |