Search
Total
5 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-25564 | 1 Sapphireims | 1 Sapphireims | 2022-07-12 | 6.5 MEDIUM | 8.8 HIGH |
| In SapphireIMS 5.0, it is possible to create local administrator on any client with credentials of a non-privileged user by directly accessing RemoteMgmtTaskSave (Automation Tasks) feature. | |||||
| CVE-2017-16630 | 1 Sapphireims | 1 Sapphireims | 2021-08-16 | 6.5 MEDIUM | 8.8 HIGH |
| In SapphireIMS 4097_1, a guest user can create a local administrator account on any system that has SapphireIMS installed, because of an Insecure Direct Object Reference (IDOR) in the local user creation function. | |||||
| CVE-2017-16632 | 1 Sapphireims | 1 Sapphireims | 2021-08-16 | 5.0 MEDIUM | 7.5 HIGH |
| In SapphireIMS 4097_1, the password in the database is stored in Base64 format. | |||||
| CVE-2020-25561 | 1 Sapphireims | 1 Sapphireims | 2021-08-16 | 4.6 MEDIUM | 7.8 HIGH |
| SapphireIMS 5 utilized default sapphire:ims credentials to connect the client to server. This credential is saved in ServerConf.config file in the client. | |||||
| CVE-2017-16629 | 1 Sapphireims | 1 Sapphireims | 2021-08-12 | 5.0 MEDIUM | 7.5 HIGH |
| In SapphireIMS 4097_1, it is possible to guess the registered/active usernames of the software from the errors it gives out for each type of user on the Login form. For "Incorrect User" - it gives an error "The application failed to identify the user. Please contact administrator for help." For "Correct User and Incorrect Password" - it gives an error "Authentication failed. Please login again." | |||||