Mitel MiCloud Management Portal before 6.1 SP5 could allow an attacker, by sending a crafted request, to retrieve sensitive information due to insufficient access control.
https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-20-0010