Mitel MiCloud Management Portal before 6.1 SP5 could allow an attacker, by sending a crafted request, to retrieve sensitive information due to insufficient access control.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24595
Reference (s):
- https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-20-0010
- https://www.mitel.com/support/security-advisories