Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

2 matches found

OSV
OSVadded 2021/08/11 9:15 p.m.2 views

CVE-2020-25566

In SapphireIMS 5.0, it is possible to take over an account by sending a request to the SavePassword form as shown in POC. Notice that we do not require a JSESSIONID in this request and can reset any user’s password by changing the username to that user and password to base64desired password...

9.8CVSS7.3AI score0.0156EPSS
Exploits1References2
CNNVD
CNNVDadded 2021/08/11 12:0 a.m.3 views

SapphireIMS 访问控制错误漏洞

Tecknodreams SapphireIMS is an ITIL 2011 certified Enterprise Service Management System from Tecknodreams India. A security vulnerability exists in SapphireIMS 5.0, which stems from the software's Save Password form not filtering requests enough to allow an attacker to send a request to take over...

9.8CVSS8.3AI score0.0156EPSS
Exploits1References2
Rows per page
Query Builder