Mitel Product Security Advisory 24-0014

MiCollab SQL Injection Vulnerability

Advisory ID: 24-0014

Publish Date: 2024-05-23

Last Updated: 2024-05-23

Revision: 1.0



A SQL injection vulnerability has been identified in NuPoint Unified Messaging (NPM) component of Mitel MiCollab which, if successfully exploited, could allow a malicious actor to conduct a SQL injection attack.   

Mitel is recommending customers with affected product versions update to the latest release.


Affected Products

Security Bulletins are being issued for the following products:


Risk Assessment

The risk of this vulnerability is rated as Critical. Refer to the product Security Bulletin(s) for additional statements regarding risk.


Mitigation / Recommended Action

Mitel has issued new releases of the affected software. Customers are advised to update their software to the latest versions. 

For additional information, contact Product Support.


Related CVEs / CWEs / Advisories



Revision History

Version Date Description
1.0 2024-05-23  Initial version 
Ready to talk to sales? Contact us.