Sapphireims@4097 1 Security Vulnerabilities and Issues — Sapphireims@4097 1 CVE List

Lucene search

SapphireimsSapphireims4097 1

4 matches found

CVE•added 2021/08/11 9:15 p.m.•171 views

CVE-2017-16629

In SapphireIMS 4097_1, it is possible to guess the registered/active usernames of the software from the errors it gives out for each type of user on the Login form. For "Incorrect User" - it gives an error "The application failed to identify the user. Please contact administrator for help." For "Co...

7.5CVSS7.5AI score0.00341EPSS

CVE•added 2021/08/11 9:15 p.m.•38 views

CVE-2017-16630

In SapphireIMS 4097_1, a guest user can create a local administrator account on any system that has SapphireIMS installed, because of an Insecure Direct Object Reference (IDOR) in the local user creation function.

8.8CVSS8.4AI score0.00324EPSS

CVE•added 2021/08/11 9:15 p.m.•36 views

CVE-2017-16631

In SapphireIMS 4097_1, a guest user is able to change the password of an administrative user by utilizing an Insecure Direct Object Reference (IDOR) in the "Account Password Reset" functionality.

6.5CVSS6.5AI score0.00154EPSS

CVE•added 2021/08/11 9:15 p.m.•33 views

CVE-2017-16632

In SapphireIMS 4097_1, the password in the database is stored in Base64 format.

7.5CVSS7.5AI score0.00148EPSS