May 24, MiCollab vulnerabilities
24th May 2024
Mitel has become aware of two vulnerabilities affecting their MiCollab product. Both vulnerabilities have been given a ‘Critical’ severity rating.
| Mitel Product Security Advisory | CVE ID | Security Impact Rating | CVSS Base Score |
| MICollab Command Injection Vulnerability | CVE-2024-35285 | Critical | 9.8 |
| MiCollab SQL Injection Vulnerability | CVE-2024-20359 | Critical | 9.8 |
Affected Products
Security Bulletins are being issued for the following products:
| Product Name | Product Version | Security Bulletin | Last Updated |
| MiCollab | 9.8.0.33 and earlier | 24-0013-001 | 2024-05-23 |
| MiCollab | 9.8.0.33 and earlier | 24-0014-001 | 2024-05-23 |
Please refer to the product Security Bulletin(s) for additional statements regarding risk.
Our dedicated security teams are continuing to monitor the situation and Daisy is undertaking all necessary actions to ensure our customers are safe, following guidance from Mitel.
If you suspect you have been affected by this vulnerability or need to discuss further advice please contact our Service Desk team on 0330 024 3333 or raise a ticket via our Customer Portal.