Filtered by vendor Sapphireims
Subscribe
Search
Total
2 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-16631 | 1 Sapphireims | 1 Sapphireims | 2021-08-16 | 4.0 MEDIUM | 6.5 MEDIUM |
| In SapphireIMS 4097_1, a guest user is able to change the password of an administrative user by utilizing an Insecure Direct Object Reference (IDOR) in the "Account Password Reset" functionality. | |||||
| CVE-2020-25562 | 1 Sapphireims | 1 Sapphireims | 2021-08-16 | 4.3 MEDIUM | 6.5 MEDIUM |
| In SapphireIMS 5.0, there is no CSRF token present in the entire application. This can lead to CSRF vulnerabilities in critical application forms like account resent. | |||||