The SAS portal of Mitel MiCollab before 9.1.3 could allow an attacker to access user data by performing a header injection in HTTP responses, due to the improper handling of input parameters. A successful exploit could allow an attacker to access user information.
https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-20-0008