PT-2024-7462 · Mitel · Mitel MiCollab

Patrick Webster · Published 2024-10-09 · Updated 2025-06-24 · CVE-2024-47224

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:C/A:N

Name of the Vulnerable Software and Affected Versions: Mitel MiCollab versions prior to 9.8 SP1 FP2 (9.8.1.201)
Description: A vulnerability in the AWV component of Mitel MiCollab could allow an unauthenticated attacker to conduct a CRLF injection attack due to inadequate encoding of user input in URLs. This could enable an attacker to perform a phishing attack by redirecting users to an untrusted site using a specially crafted link.
Recommendations: For Mitel MiCollab versions prior to 9.8 SP1 FP2 (9.8.1.201), update to a version that includes the fix for this issue to prevent exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Improper Encoding or Escaping of Output
Open Redirect

Related Identifiers

BDU:2024-08842
CVE-2024-47224

Affected Products

Mitel MiCollab