A security vulnerability exists in Tecknodreams SapphireIMS, an ITIL 2011 certified enterprise service management system from Tecknodreams India. tecknodreams SapphireIMS 4097_1. The vulnerability stems from an insecure direct object reference in the local user creation function. An attacker could exploit the vulnerability to create a local administrator account on any system where the program is installed.