Lucene search
PRIOn knowledge basePRION:CVE-2020-25566HistoryAug 11, 2021 - 9:15 p.m.
Default credentials
2021-08-1121:15:00
PRIOn knowledge base
www.prio-n.com
2
In SapphireIMS 5.0, it is possible to take over an account by sending a request to the Save_Password form as shown in POC. Notice that we do not require a JSESSIONID in this request and can reset any user’s password by changing the username to that user and password to base64(desired password).
| CPE | Name | Operator | Version |
|---|---|---|---|
| sapphireims | eq | 5.0 |
Related
nvd
nvd
CVE-2020-25566
2021-08-11 21:15:08
cve
cve
CVE-2020-25566
2021-08-11 21:15:08
cvelist
cvelist
CVE-2020-25566
2021-08-11 20:24:56