CVSS: 9.8EPSS: 77%CPEs: 1EXPL: 0CVE-2024-35286
https://notcve.org/view.php?id=CVE-2024-35286
21 Oct 2024 — A vulnerability in NuPoint Messenger (NPM) of Mitel MiCollab through 9.8.0.33 allows an unauthenticated attacker to conduct a SQL injection attack due to insufficient sanitization of user input. A successful exploit could allow an attacker to access sensitive information and execute arbitrary database and management operations. • https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0014 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 5%CPEs: 1EXPL: 0CVE-2024-35285
https://notcve.org/view.php?id=CVE-2024-35285
21 Oct 2024 — A vulnerability in NuPoint Messenger (NPM) of Mitel MiCollab through 9.8.0.33 allows an unauthenticated attacker to conduct a command injection attack due to insufficient parameter sanitization. • https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0013 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •