Lucene search
K

10 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-18248

Malware in sbrugna...

8.8CVSS8.6AI score0.01247EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2025/05/22 5:55 p.m.9 views

CVE-2020-25565

In SapphireIMS 5.0, it is possible to use the hardcoded credential in clients username: sapphire, password: ims and gain access to the portal. Once the access is available, the attacker can inject malicious OS commands on “ping”, “traceroute” and “snmp” functions and execute code on the server...

9.8CVSS7.6AI score0.02129EPSS
Exploits1
OSV
OSV
added 2021/08/11 9:15 p.m.5 views

CVE-2020-25566

In SapphireIMS 5.0, it is possible to take over an account by sending a request to the SavePassword form as shown in POC. Notice that we do not require a JSESSIONID in this request and can reset any user’s password by changing the username to that user and password to base64desired password...

9.8CVSS7.3AI score0.0156EPSS
Exploits1References2
NVD
NVD
added 2021/08/11 9:15 p.m.30 views

CVE-2020-25566

In SapphireIMS 5.0, it is possible to take over an account by sending a request to the SavePassword form as shown in POC. Notice that we do not require a JSESSIONID in this request and can reset any user’s password by changing the username to that user and password to base64desired password...

9.8CVSS0.0156EPSS
Exploits1References2
NVD
NVD
added 2021/08/11 9:15 p.m.22 views

CVE-2020-25560

In SapphireIMS 5.0, it is possible to use the hardcoded credential in clients username: sapphire, password: ims and gain access to the portal. Once the access is available, the attacker can inject malicious OS commands on “ping”, “traceroute” and “snmp” functions and execute code on the server. W...

9.8CVSS0.02129EPSS
Exploits1References2
Prion
Prion
added 2021/08/11 9:15 p.m.12 views

Default credentials

In SapphireIMS 5.0, it is possible to take over an account by sending a request to the SavePassword form as shown in POC. Notice that we do not require a JSESSIONID in this request and can reset any user’s password by changing the username to that user and password to base64desired password...

7.5CVSS9.4AI score0.0156EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2021/08/11 9:15 p.m.17 views

Hardcoded credentials

In SapphireIMS 5.0, it is possible to use the hardcoded credential in clients username: sapphire, password: ims and gain access to the portal. Once the access is available, the attacker can inject malicious OS commands on “ping”, “traceroute” and “snmp” functions and execute code on the server. W...

7.5CVSS9.6AI score0.02129EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2021/08/11 8:21 p.m.53 views

CVE-2020-25563

SapphireIMS 5.0 is affected by an authentication-bypass vulnerability in the RemoteMgmtTaskSave (Automation Tasks) path that allows an unauthenticated user to create a local administrator on any client by accessing RemoteMgmtTaskSave without a JSESSIONID. Root cause: direct access to an automatio...

9.8CVSS9.1AI score0.0156EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2021/08/11 8:12 p.m.23 views

CVE-2020-25560

In SapphireIMS 5.0, it is possible to use the hardcoded credential in clients username: sapphire, password: ims and gain access to the portal. Once the access is available, the attacker can inject malicious OS commands on “ping”, “traceroute” and “snmp” functions and execute code on the server. W...

9.8AI score0.02129EPSS
Exploits1References2
CNNVD
CNNVD
added 2021/08/11 12:0 a.m.6 views

SapphireIMS 访问控制错误漏洞

Tecknodreams SapphireIMS is an ITIL 2011 certified Enterprise Service Management System from Tecknodreams India. A security vulnerability exists in SapphireIMS 5.0, which stems from the software's Save Password form not filtering requests enough to allow an attacker to send a request to take over...

9.8CVSS8.3AI score0.0156EPSS
Exploits1References2
Rows per page
Query Builder