PT-2022-23375 · Mitel · Mitel Micollab
Shaquin Trifonoff · Published 2022-10-25 · Updated 2022-10-28
CVE-2022-36451
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Mitel MiCollab versions through 9.5.0.101
Description
A vulnerability in the MiCollab Client server component could allow an authenticated attacker to conduct a Server-Side Request Forgery (SSRF) attack due to insufficient restriction of URL parameters. A successful exploit could allow an attacker to leverage connections and permissions available to the host server.
Recommendations
For versions through 9.5.0.101, update to a version that addresses the insufficient restriction of URL parameters to prevent Server-Side Request Forgery (SSRF) attacks. As a temporary workaround, consider restricting access to the MiCollab Client server component to minimize the risk of exploitation.
Fix
SSRF
Affected Products
Mitel Micollab