Shaquin Trifonoff

Researcher fromLateral Security
#10081of 53,633
27.4Total CVSS
Vulnerabilities · 3
High
2
Critical
1
PT-2022-23375
8.8
2022-10-25
Mitel · Mitel Micollab · CVE-2022-36451
**Name of the Vulnerable Software and Affected Versions** Mitel MiCollab versions through 9.5.0.101 **Description** A vulnerability in the MiCollab Client server component could allow an authenticated attacker to conduct a Server-Side Request Forgery (SSRF) attack due to insufficient restriction of URL parameters. A successful exploit could allow an attacker to leverage connections and permissions available to the host server. **Recommendations** For versions through 9.5.0.101, update to a version that addresses the insufficient restriction of URL parameters to prevent Server-Side Request Forgery (SSRF) attacks. As a temporary workaround, consider restricting access to the MiCollab Client server component to minimize the risk of exploitation.
PT-2022-23376
9.8
2022-10-25
Mitel · Mitel Micollab · CVE-2022-36452
**Name of the Vulnerable Software and Affected Versions** Mitel MiCollab versions through 9.5.0.101 **Description** A vulnerability in the web conferencing component could allow an unauthenticated attacker to upload malicious files, potentially leading to the execution of arbitrary code within the context of the application. **Recommendations** For versions through 9.5.0.101, update to a version that contains a fix for this issue to prevent the upload of malicious files and potential code execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2022-23377
8.8
2022-10-25
Mitel · Mitel Micollab · CVE-2022-36453
**Name of the Vulnerable Software and Affected Versions** Mitel MiCollab versions 9.1.3 through 9.5.0.101 **Description** A vulnerability in the MiCollab Client API could allow an authenticated attacker to modify their profile parameters due to improper authorization controls. A successful exploit could allow the authenticated attacker to control another extension number. **Recommendations** For versions 9.1.3 through 9.5.0.101, update to a version that includes proper authorization controls for the MiCollab Client API to prevent unauthorized modification of profile parameters. At the moment, there is no information about a newer version that contains a fix for this vulnerability.