CVE-2024-30157

HIGH EPSS 32.1%

Published Oct 21, 20241y ago · Modified Jun 17, 20261w ago

7.2 CVSS 3.1

High

Published Oct 21, 2024 1y ago

Last Modified Jun 17, 2026 1w ago

Description

A vulnerability in the Suite Applications Services component of Mitel MiCollab through 9.7.1.110 could allow an authenticated attacker with administrative privileges to conduct a SQL Injection attack due to insufficient validation of user input. A successful exploit could allow an attacker to execute arbitrary database and management operations.

CVSS Details

Base Score

7.2

Exploitability

1.2

Impact

5.9

Vector string

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector Network

Attack Complexity Low

Privileges Required High

User Interaction None

Scope Unchanged

Confidentiality High

Integrity High

Availability High

Threat Intelligence

EPSS Exploit Probability

32.1% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-89 SQL Injection Injection

Affected Products 1

Vendor	Product	Version	Range
mitel	micollab	*	≤9.7.1.110

References 1

mitel.com https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0004

Vendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.