
10 matches found

RedhatCVE
added 2025/05/22 5:48 a.m., 0 views

CVE-2017-16631

In SapphireIMS 40971, a guest user is able to change the password of an administrative user by utilizing an Insecure Direct Object Reference (IDOR) in the "Account Password Reset" functionality...

CVSS 6.5 | AI score 7 | EPSS 0.00154
Exploits: 0 | References: 1

CNVD
added 2021/09/30 12:0 a.m., 14 views

Unspecified Vulnerability in Tecknodreams SapphireIMS

Tecknodreams SapphireIMS is an ITIL 2011 certified enterprise class service management system from Tecknodreams India. A security vulnerability exists in Tecknodreams SapphireIMS 40971, which can be exploited by an attacker for username enumeration...

CVSS 7.5 | AI score 7.5 | EPSS 0.00341
Exploits: 0 | References: 1

OSV
added 2021/08/11 9:15 p.m., 1 views

CVE-2017-16629

In SapphireIMS 40971, it is possible to guess the registered/active usernames of the software from the errors it gives out for each type of user on the Login form. For "Incorrect User" - it gives an error "The application failed to identify the user. Please contact administrator for help." For...

CVSS 7.5 | AI score 5.8 | EPSS 0.00341
Exploits: 0 | References: 2

OSV
added 2021/08/11 9:15 p.m., 3 views

CVE-2017-16632

In SapphireIMS 40971, the password in the database is stored in Base64 format...

CVSS 7.5 | AI score 5.8 | EPSS 0.00148
Exploits: 0 | References: 2

OSV
added 2021/08/11 9:15 p.m., 2 views

CVE-2017-16630

In SapphireIMS 40971, a guest user can create a local administrator account on any system that has SapphireIMS installed, because of an Insecure Direct Object Reference (IDOR) in the local user creation function...

CVSS 8.8 | AI score 5.8 | EPSS 0.00324
Exploits: 0 | References: 2

Prion
added 2021/08/11 9:15 p.m., 15 views

Format string

In SapphireIMS 40971, the password in the database is stored in Base64 format...

CVSS 5 | AI score 7.6 | EPSS 0.00148
Exploits: 0 | References: 2 | Affected Software: 1

ATTACKERKB
added 2021/08/11 9:15 p.m., 2 views

CVE-2017-16631

In SapphireIMS 40971, a guest user is able to change the password of an administrative user by utilizing an Insecure Direct Object Reference (IDOR) in the "Account Password Reset" functionality...

CVSS 6.5 | AI score 5.5 | EPSS 0.00154
Exploits: 0 | References: 3

CVE
added 2021/08/11 8:11 p.m., 39 views

CVE-2017-16632

CVE-2017-16632 affects SapphireIMS 4097_1, where passwords in the database are stored in Base64 (not secure hashing). The issue is described across multiple sources (NVD/NVD-derived records and national CVE lists), with CVSSv3 indicating high confidentiality impact (C: High) and network attack ve...

CVSS 7.5 | AI score 7.5 | EPSS 0.00148
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2021/08/11 8:9 p.m., 43 views

CVE-2017-16630

SapphireIMS 4097_1 is affected by CVE-2017-16630 due to an insecure direct object reference (IDOR) in the local user creation function. A guest user can create a local administrator account on any system with SapphireIMS installed, enabling privilege elevation. The issue is caused by insufficient...

CVSS 8.8 | AI score 8.4 | EPSS 0.00324
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2021/08/11 8:8 p.m., 176 views

CVE-2017-16629

SapphireIMS 4097_1 is affected by a username-enumeration issue. The login form reveals different error messages for incorrect user vs. incorrect password, enabling an attacker to guess registered usernames. The CVE description specifies two messages: “The application failed to identify the user. ...

CVSS 7.5 | AI score 7.5 | EPSS 0.00341
Exploits: 0 | References: 2 | Affected Software: 1