Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sapphireims sapphireims 4097 1 vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2017-16629
In SapphireIMS 4097_1, it is possible to guess the registered/active usernames of the software from the errors it gives out for each type of user on the Login form. For "Incorrect User" - it gives an error "The application failed to identify the user. Please contac...
Sapphireims Sapphireims 4097 1
8.8
CVSSv3
CVE-2017-16630
In SapphireIMS 4097_1, a guest user can create a local administrator account on any system that has SapphireIMS installed, because of an Insecure Direct Object Reference (IDOR) in the local user creation function.
Sapphireims Sapphireims 4097 1
6.5
CVSSv3
CVE-2017-16631
In SapphireIMS 4097_1, a guest user is able to change the password of an administrative user by utilizing an Insecure Direct Object Reference (IDOR) in the "Account Password Reset" functionality.
Sapphireims Sapphireims 4097 1
7.5
CVSSv3
CVE-2017-16632
In SapphireIMS 4097_1, the password in the database is stored in Base64 format.
Sapphireims Sapphireims 4097 1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
TCP
CVE-2024-4577
CVE-2024-2695
CVE-2024-31870
injection
CVE-2024-3813
arbitrary code
CVE-2024-27801
CVE-2024-30120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started