CVE-2024-30158

A vulnerability in the web conferencing component of Mitel MiCollab through 9.7.1.110 could allow an authenticated attacker with administrative privileges to conduct a SQL Injection attack due to insufficient validation of user input. A successful exploit could allow an attacker to execute arbitrary database and management operations.
Configurations

Configuration 1

cpe:2.3:a:mitel:micollab:*:*:*:*:*:*:*:*

History

25 Oct 2024, 16:30

| Type | Values Removed | Values Added |
|---|---|---|
| CPE | | cpe:2.3:a:mitel:micollab:*:*:*:*:*:*:*:* |
| References | () https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0004 - | () https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0004 - Vendor Advisory |
| First Time | | Mitel micollab; Mitel |

23 Oct 2024, 15:12

Type Values Removed Values Added
Summary
  • (es) A vulnerability in the web conferencing component of Mitel MiCollab through version 9.7.1.110 could allow an authenticated attacker with administrative privileges to conduct a SQL injection attack due to insufficient validation of user input. A successful exploit could allow an attacker to execute arbitrary administration and database operations.

22 Oct 2024, 14:35

| Type | Values Removed | Values Added |
|---|---|---|
| CWE | | CWE-89 |
| CVSS | v2 : unknown, v3 : unknown | v2 : unknown, v3 : 7.2 |

21 Oct 2024, 21:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-10-21 21:15

Updated : 2024-10-25 16:30


NVD link : CVE-2024-30158

Mitre link : CVE-2024-30158

CVE.ORG link : CVE-2024-30158


Products Affected

mitel

  • micollab
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')