CVE-2019-19607

Name of the Vulnerable Software and Affected Versions Mitel MiCollab AWV versions prior to 8.1.2.2

Description A SQL injection issue exists due to insufficient input validation for the session parameter in the web conferencing component. This could allow an unauthenticated attacker to extract sensitive information from the database and execute arbitrary scripts.

Recommendations For versions prior to 8.1.2.2, update to version 8.1.2.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the web conferencing component to minimize the risk of exploitation. Avoid using the session parameter in affected components until the issue is resolved.