CVE-2024-47189

The API Interface of the AWV (Audio, Web and Video Conferencing) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to conduct SQL injection due to insufficient sanitization of user input. A successful exploit could allow an attacker with knowledge of specific details to access non-sensitive user provisioning information and execute arbitrary SQL database commands.

CVSS

No CVSS.

References

Link	Resource
https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-misa-2024-0026	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:mitel:micollab:*:*:*:*:*:*:*:*

History

07 Jul 2025, 17:52

Type	Values Removed	Values Added
References	~~() https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-misa-2024-0026 -~~	() https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-misa-2024-0026 - Vendor Advisory
First Time		Mitel Mitel micollab
CPE		cpe:2.3:a:mitel:micollab::::::::

21 Oct 2024, 20:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-10-21 20:15

Updated : 2025-07-07 17:52

NVD link : CVE-2024-47189

Mitre link : CVE-2024-47189

JSON object : View

Products Affected

mitel

micollab

CWE

No CWE.

JSON object

Attach tags to CVE-2024-47189

Attach tags to `CVE-2024-47189`