Sapphireims

sapphireims

Vendor: Sapphireims • 11 CVEs

CVEs (11)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-25566 1Sapphireims 1Sapphireims Nov 21, 2024 Aug 11, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 In SapphireIMS 5.0, it is possible to take over an account by sending a request to the Save_Password form as shown in POC. Notice that we do not require a JSESSIONID in this request and can reset any user’s password by c...Show more In SapphireIMS 5.0, it is possible to take over an account by sending a request to the Save_Password form as shown in POC. Notice that we do not require a JSESSIONID in this request and can reset any user’s password by changing the username to that user and password to base64(desired password).Show less
CVE-2020-25565 1Sapphireims 1Sapphireims Nov 21, 2024 Aug 11, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 In SapphireIMS 5.0, it is possible to use the hardcoded credential in clients (username: sapphire, password: ims) and gain access to the portal. Once the access is available, the attacker can inject malicious OS commands...Show more In SapphireIMS 5.0, it is possible to use the hardcoded credential in clients (username: sapphire, password: ims) and gain access to the portal. Once the access is available, the attacker can inject malicious OS commands on “ping”, “traceroute” and “snmp” functions and execute code on the server.Show less
CVE-2020-25564 1Sapphireims 1Sapphireims Nov 21, 2024 Aug 11, 2021 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 In SapphireIMS 5.0, it is possible to create local administrator on any client with credentials of a non-privileged user by directly accessing RemoteMgmtTaskSave (Automation Tasks) feature.
CVE-2020-25563 1Sapphireims 1Sapphireims Nov 21, 2024 Aug 11, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 In SapphireIMS 5.0, it is possible to create local administrator on any client without requiring any credentials by directly accessing RemoteMgmtTaskSave (Automation Tasks) feature and not having a JSESSIONID.
CVE-2020-25562 1Sapphireims 1Sapphireims Nov 21, 2024 Aug 11, 2021 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 In SapphireIMS 5.0, there is no CSRF token present in the entire application. This can lead to CSRF vulnerabilities in critical application forms like account resent.
CVE-2020-25561 1Sapphireims 1Sapphireims Nov 21, 2024 Aug 11, 2021 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 SapphireIMS 5 utilized default sapphire:ims credentials to connect the client to server. This credential is saved in ServerConf.config file in the client.
CVE-2020-25560 1Sapphireims 1Sapphireims Nov 21, 2024 Aug 11, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 In SapphireIMS 5.0, it is possible to use the hardcoded credential in clients (username: sapphire, password: ims) and gain access to the portal. Once the access is available, the attacker can inject malicious OS commands...Show more In SapphireIMS 5.0, it is possible to use the hardcoded credential in clients (username: sapphire, password: ims) and gain access to the portal. Once the access is available, the attacker can inject malicious OS commands on “ping”, “traceroute” and “snmp” functions and execute code on the server. We also observed the same is true if the JSESSIONID is completely removed.Show less
CVE-2017-16632 1Sapphireims 1Sapphireims Nov 21, 2024 Aug 11, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 In SapphireIMS 4097_1, the password in the database is stored in Base64 format.
CVE-2017-16631 1Sapphireims 1Sapphireims Nov 21, 2024 Aug 11, 2021 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 In SapphireIMS 4097_1, a guest user is able to change the password of an administrative user by utilizing an Insecure Direct Object Reference (IDOR) in the "Account Password Reset" functionality.
CVE-2017-16630 1Sapphireims 1Sapphireims Nov 21, 2024 Aug 11, 2021 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 In SapphireIMS 4097_1, a guest user can create a local administrator account on any system that has SapphireIMS installed, because of an Insecure Direct Object Reference (IDOR) in the local user creation function.
CVE-2017-16629 1Sapphireims 1Sapphireims Nov 21, 2024 Aug 11, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 In SapphireIMS 4097_1, it is possible to guess the registered/active usernames of the software from the errors it gives out for each type of user on the Login form. For "Incorrect User" - it gives an error "The applicati...Show more In SapphireIMS 4097_1, it is possible to guess the registered/active usernames of the software from the errors it gives out for each type of user on the Login form. For "Incorrect User" - it gives an error "The application failed to identify the user. Please contact administrator for help." For "Correct User and Incorrect Password" - it gives an error "Authentication failed. Please login again."Show less