Sophos Cyberoam UTM CR25iNG 10.6.3 MR-5 allows remote authenticated users to bypass intended access restrictions via direct object reference, as demonstrated by a request for Licenseinformation.jsp. This is fixed in 10.6.5.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
sophos cyberoam_cr25ing_utm_firmware 10.6.2 |