CVE-2024-47189

Name of the Vulnerable Software and Affected Versions Mitel MiCollab versions through 9.8 SP1 FP2 (9.8.1.201)

Description The issue concerns the API Interface of the AWV component, where insufficient sanitization of user input could allow an unauthenticated attacker to conduct SQL injection. This could enable an attacker with specific knowledge to access non-sensitive user provisioning information and execute arbitrary SQL database commands.

Recommendations For versions through 9.8 SP1 FP2 (9.8.1.201), as a temporary workaround, consider restricting access to the API Interface of the AWV component until a patch is available. Avoid using user input in SQL queries until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.