Frogy

**Name of the Vulnerable Software and Affected Versions** Sophos Cyberoam UTM CR25iNG versions 10.6.3 MR-5 through 10.6.4 **Description** The issue allows remote authenticated users to bypass intended access restrictions via direct object reference. This can be demonstrated by a request for "Licenseinformation.jsp". **Recommendations** For versions 10.6.3 MR-5 through 10.6.4, update to version 10.6.5 to resolve the issue.