Description

Improper authorization vulnerability in Special Interest Group Network for Analysis and Liaison versions 4.4.0 to 4.7.7 allows the authorized API users to view the organization information of the information receiver that is set as "non-disclosure" in the information provision operation.

Related CPE's

a

jpcert

special_interest_group_network_for_analysis_and_liaison

Vulnerable

References

https://jvn.jp/en/jp/JVN83334799/

Third Party Advisory

https://www.jpcert.or.jp/press/2023/PR20230807_notice.html

Third Party Advisory

Weaknesses

[email protected]

Primary
NVD-CWE-Other

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

4.3 · Medium

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2023-08-09T04:15:10.047

11 months ago

Last modified

2023-08-18T16:37:43.763

11 months ago