PT-2024-9386 · Mitel · Mitel MiCollab

Published 2024-05-23 · Updated 2025-10-12 · CVE-2024-35286

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Mitel MiCollab versions through 9.8.0.33

Description

A flaw exists in the NuPoint Messenger (NPM) component of Mitel MiCollab due to inadequate sanitization of user-supplied data. This allows a remote, unauthenticated attacker to perform a SQL injection attack. Successful exploitation could grant access to sensitive information and enable arbitrary database and management operations. Recent reports indicate that advanced persistent threat (APT) actors have been actively exploiting this and related issues. The vulnerability allows attackers to perform arbitrary file reads.

Recommendations

Update Mitel MiCollab to a version later than 9.8.0.33.

Fix

SQL injection

Weakness Enumeration

Related Identifiers

BDU:2024-11077
CVE-2024-35286

Affected Products

Mitel MiCollab
NuPoint Messenger