May 24, MiCollab vulnerabilities

24th May 2024

Mitel has become aware of two vulnerabilities affecting their MiCollab product. Both vulnerabilities have been given a ‘Critical’ severity rating.

Mitel Product Security Advisory   CVE ID   Security Impact Rating   CVSS Base Score
MICollab Command Injection Vulnerability   CVE-2024-35285   Critical   9.8
MiCollab SQL Injection Vulnerability   CVE-2024-20359   Critical   9.8

Affected Products

Security Bulletins are being issued for the following products:

Product Name Product Version Security Bulletin Last Updated
MiCollab 9.8.0.33 and earlier 24-0013-001 2024-05-23
MiCollab 9.8.0.33 and earlier 24-0014-001 2024-05-23

 
Please refer to the product Security Bulletin(s) for additional statements regarding risk.

Our dedicated security teams are continuing to monitor the situation and Daisy is undertaking all necessary actions to ensure our customers are safe, following guidance from Mitel.

If you suspect you have been affected by this vulnerability or need to discuss further advice please contact our Service Desk team on 0330 024 3333 or raise a ticket via our Customer Portal.

Talk to one of our specialists.
Call us on
0344 863 3000