CVSS: 9.0EPSS: 1%CPEs: 2EXPL: 1CVE-2016-7786 – Sophos Cyberoam UTM CR25iNG - 10.6.3 MR-5 - Direct Object Reference
https://notcve.org/view.php?id=CVE-2016-7786
Sophos Cyberoam UTM CR25iNG 10.6.3 MR-5 allows remote authenticated users to bypass intended access restrictions via direct object reference, as demonstrated by a request for Licenseinformation.jsp. This is fixed in 10.6.5. Sophos Cyberoam UTM CR25iNG 10.6.3 El MR-5 permite a usuarios autenticados remotos pasar por alto las restricciones de acceso deseadas a través de la referencia de objeto directo, como lo demuestra una solicitud de Licenseinformation.jsp. Esto se fija en 10.6.5. Sophos Cyberoam UTM CR25iNG version 10.6.3 MR-5 suffers from an insecure direct object reference vulnerability. • https://www.exploit-db.com/exploits/44469 https://infosecninja.blogspot.in/2017/04/cve-2016-7786-sophos-cyberoam-utm.html • CWE-264: Permissions, Privileges, and Access Controls •