Sophos · Sophos Cyberoam Utm · CVE-2016-7786
**Name of the Vulnerable Software and Affected Versions**
Sophos Cyberoam UTM CR25iNG versions 10.6.3 MR-5 through 10.6.4
**Description**
The issue allows remote authenticated users to bypass intended access restrictions via direct object reference. This can be demonstrated by a request for "Licenseinformation.jsp".
**Recommendations**
For versions 10.6.3 MR-5 through 10.6.4, update to version 10.6.5 to resolve the issue.