CVE-2022-36451
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A vulnerability in the MiCollab Client server component of Mitel MiCollab through 9.5.0.101 could allow an authenticated attacker to conduct a Server-Side Request Forgery (SSRF) attack due to insufficient restriction of URL parameters. A successful exploit could allow an attacker to leverage connections and permissions available to the host server.
Una vulnerabilidad en el componente del servidor MiCollab Client de Mitel MiCollab versiones hasta 9.5.0.101, podría permitir a un atacante autenticado conducir un ataque de tipo Server-Side Request Forgery (SSRF) debido a una restricción insuficiente de los parámetros de la URL. Una explotación con éxito podría permitir a un atacante aprovechar las conexiones y los permisos disponibles en el servidor anfitrión
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-07-25 CVE Reserved
- 2022-10-25 CVE Published
- 2024-05-17 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-918: Server-Side Request Forgery (SSRF)
CAPEC
References (2)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.mitel.com/support/security-advisories | 2022-10-28 | |
| https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-22-0006 | 2022-10-28 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Mitel Search vendor "Mitel" | Micollab Search vendor "Mitel" for product "Micollab" | <= 9.5.0.101 Search vendor "Mitel" for product "Micollab" and version " <= 9.5.0.101" | - |
Affected
| ||||||