Pleasanter 1.3.47.0 and earlier contains an improper access control vulnerability, which may allow a remote authenticated attacker to view the temporary files uploaded by other users who are not permitted to access.