Suite Applications Services Vulnerability Could Lead to SQL Injection
CVE-2024-30157

7.2HIGH

Key Information:

Vendor: Mitel
Status: Micollab
Vendor: CVE Published:; 21 October 2024

What is CVE-2024-30157?

A vulnerability identified in the Suite Applications Services component of Mitel MiCollab through version 9.7.1.110 presents significant security risks. The flaw arises from inadequate validation of user input, which can potentially enable an authenticated attacker with administrative privileges to execute a SQL Injection attack. This exploitation could facilitate unauthorized database access and pose threats to data integrity and confidentiality. Organizations leveraging Mitel MiCollab should prioritize addressing this vulnerability through timely patches and enhanced security practices.

References

https://www.mitel.com/support/security-advisories/mitel-p...

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 21, 2024