Mitel Product Security Advisory 24-0014

Mitel Product Security Advisory 24-0014

MiCollab SQL Injection Vulnerability

Advisory ID: 24-0014

Publish Date: 2024-05-23

Last Updated: 2024-05-23

Revision: 1.0

Summary

A SQL injection vulnerability has been identified in NuPoint Unified Messaging (NPM) component of Mitel MiCollab which, if successfully exploited, could allow a malicious actor to conduct a SQL injection attack.   

Mitel is recommending customers with affected product versions update to the latest release.

Affected Products

Security Bulletins are being issued for the following products:

Product NameProduct VersionSecurity BulletinLast Updated
MiCollab9.8.0.33 and earlier 24-0014-0012024-05-23

Risk Assessment

The risk of this vulnerability is rated as Critical. Refer to the product Security Bulletin(s) for additional statements regarding risk.

Mitigation / Recommended Action

Mitel has issued new releases of the affected software. Customers are advised to update their software to the latest versions. 

For additional information, contact Product Support.

Related CVEs / CWEs / Advisories

CVE-2024-35286

Revision History

VersionDateDescription
1.02024-05-23 Initial version 

Stay One Step Ahead Get notifications of the latest security advisories sent right to your inbox every week!