JVN#83334799: Multiple vulnerabilities in Special Interest Group Network for Analysis and Liaison’s API
## Description

Special Interest Group Network for Analysis and Liaison’s “Inter-SOC Cooperation API” provided by Japan Computer Emergency Response Team Coordination Center (JPCERT/CC) contains multiple vulnerabilities listed below.

**Improper Authorization in Information Provision function (CWE-285)** – CVE-2023-38751

Version| Vector| Score
---|---|---
CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N| **Base Score: 3.5**
CVSS v2| AV:N/AC:L/Au:S/C:P/I:N/A:N| **Base Score: 4.0**

**Improper Authorization in Information Provision and Group Message functions (CWE-285)** – CVE-2023-38752

Version| Vector| Score
---|---|---
CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N| **Base Score: 3.5**
CVSS v2| AV:N/AC:L/Au:S/C:P/I:N/A:N| **Base Score: 4.0**

## Impact

* Organization information of the information receiver that is set as “non-disclosure” in the information provision operation may be viewed by an authorized API user – CVE-2023-38751
* Attribute information of the poster that is set as “non-disclosure” in the system settings may be viewed by an authorized API user – CVE-2023-38752

## Solution

**Apply the Patch**
Apply the patch according to the information provided by the developer.
For more information, contact the developer.

**Apply the workaround**
If the patch cannot be applied, applying the following workaround may mitigate the impacts of these vulnerabilities.

* Configure the system to stop using the API

## Products Affected

* Special Interest Group Network for Analysis and Liaison versions 4.4.0 to 4.7.7