Information from Japan Computer Emergency Response Team Coordination Center (JPCERT/CC)
Vulnerability ID:JVN#83334799
Title:Multiple vulnerabilities in Special Interest Group Network for Analysis and Liaison's API
Status:Vulnerable
This is a statement from the vendor itself with no modification by JPCERT/CC.
## Overview
Special Interest Group Network for Analysis and Liaison's "Inter-SOC Cooperation API" contains multiple vulnerabilities listed below.
1.Organization information of the information receiver that is set as "non-disclosure" in the information provision operation may be viewed by an authorized API user - CVE-2023-38751
2.Attribute information of the poster that is set as "non-disclosure" in the system settings may be viewed by an authorized API user - CVE-2023-38752
Japan Computer Emergency Response Team Coordination Center (JPCERT/CC) has already applied or provided countermeasures to all user groups by July 20, 2023.
## Affected Versions
Special Interest Group Network for Analysis and Liaison versions 4.4.0 to 4.7.7
## Workaround
Disable API usage privileges.
## Solution
Apply the fix patch.
## Fixed Versions
Special Interest Group Network for Analysis and Liaison versions 4.7.8 and later
