4 matches found
CVE-2020-25566
In SapphireIMS 5.0, it is possible to take over an account by sending a request to the SavePassword form as shown in POC. Notice that we do not require a JSESSIONID in this request and can reset any user’s password by changing the username to that user and password to base64desired password...
CVE-2020-25564
In SapphireIMS 5.0, it is possible to create local administrator on any client with credentials of a non-privileged user by directly accessing RemoteMgmtTaskSave Automation Tasks feature...
CVE-2017-16630
In SapphireIMS 40971, a guest user can create a local administrator account on any system that has SapphireIMS installed, because of an Insecure Direct Object Reference IDOR in the local user creation function...
CVE-2017-16629
In SapphireIMS 40971, it is possible to guess the registered/active usernames of the software from the errors it gives out for each type of user on the Login form. For "Incorrect User" - it gives an error "The application failed to identify the user. Please contact administrator for help." For...