sapphireims

Top products

The 11 most recently published vulnerabilities affecting sapphireims.

• CVE-2020-25566In SapphireIMS 5.0, it is possible to take over an account by sending a request to the Save_Password form as shown in POC. Notice that we do not require a JSESSIONID in this request and can reset a...9.8Aug 11, 2021
• CVE-2020-25565In SapphireIMS 5.0, it is possible to use the hardcoded credential in clients (username: sapphire, password: ims) and gain access to the portal. Once the access is available, the attacker can injec...9.8Aug 11, 2021
• CVE-2020-25564In SapphireIMS 5.0, it is possible to create local administrator on any client with credentials of a non-privileged user by directly accessing RemoteMgmtTaskSave (Automation Tasks) feature.8.8Aug 11, 2021
• CVE-2020-25563In SapphireIMS 5.0, it is possible to create local administrator on any client without requiring any credentials by directly accessing RemoteMgmtTaskSave (Automation Tasks) feature and not having a...9.8Aug 11, 2021
• CVE-2020-25562In SapphireIMS 5.0, there is no CSRF token present in the entire application. This can lead to CSRF vulnerabilities in critical application forms like account resent.6.5Aug 11, 2021
• CVE-2020-25561SapphireIMS 5 utilized default sapphire:ims credentials to connect the client to server. This credential is saved in ServerConf.config file in the client.7.8Aug 11, 2021
• CVE-2020-25560In SapphireIMS 5.0, it is possible to use the hardcoded credential in clients (username: sapphire, password: ims) and gain access to the portal. Once the access is available, the attacker can injec...9.8Aug 11, 2021
• CVE-2017-16632In SapphireIMS 4097_1, the password in the database is stored in Base64 format.7.5Aug 11, 2021
• CVE-2017-16631In SapphireIMS 4097_1, a guest user is able to change the password of an administrative user by utilizing an Insecure Direct Object Reference (IDOR) in the "Account Password Reset" functionality.6.5Aug 11, 2021
• CVE-2017-16630In SapphireIMS 4097_1, a guest user can create a local administrator account on any system that has SapphireIMS installed, because of an Insecure Direct Object Reference (IDOR) in the local user cr...8.8Aug 11, 2021
• CVE-2017-16629In SapphireIMS 4097_1, it is possible to guess the registered/active usernames of the software from the errors it gives out for each type of user on the Login form. For "Incorrect User" - it gives ...7.5Aug 11, 2021