Published: 2017/05/25  Last Updated: 2017/05/25

Information from Japan Total System Co.,Ltd.

Vulnerability ID:JVN#42164352
Title:GroupSession fails to restrict access permissions

This is a statement from the vendor itself with no modification by JPCERT/CC.

GroupSession to versions up to 4.6.4
The user who logged into GroupSession
There is a vulnerability capable of acquiring short mails of other people and time card (work schedule) information.

Affected version: 4.6.4 and earlier versions
Fixed version: 4.7.0

How to respond:
Please update to this version which modified this vulnerability.