Vulnerabilities > CVE-2022-36451 - Server-Side Request Forgery (SSRF) vulnerability in Mitel Micollab

047910
CVSS 8.8 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
mitel
CWE-918
NVD
Published: 2022-10-25
Updated: 2022-10-28

Summary

A vulnerability in the MiCollab Client server component of Mitel MiCollab through 9.5.0.101 could allow an authenticated attacker to conduct a Server-Side Request Forgery (SSRF) attack due to insufficient restriction of URL parameters. A successful exploit could allow an attacker to leverage connections and permissions available to the host server.

Vulnerable Configurations

Part Description Count
Application
Mitel
58

Common Weakness Enumeration (CWE)

References