An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. There is improper authorization when listing the history of another user via a modified "vaultize_session_id" value in a cookie.
https://www.excellium-services.com/cert-xlm-advisory/cve-2018-10211/