The SAS portal of Mitel MiCollab before 9.2 could allow an attacker to access user credentials due to improper input validation, aka SQL Injection.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25608
Reference (s):
- https://www.mitel.com/support/security-advisories