RSS   Podatności dla 'Sapphireims'   RSS

2021-08-11
 
CVE-2017-16629

CWE-209
 

 
In SapphireIMS 4097_1, it is possible to guess the registered/active usernames of the software from the errors it gives out for each type of user on the Login form. For "Incorrect User" - it gives an error "The application failed to identify the user. Please contact administrator for help." For "Correct User and Incorrect Password" - it gives an error "Authentication failed. Please login again."

 
 
CVE-2017-16630

CWE-732
 

 
In SapphireIMS 4097_1, a guest user can create a local administrator account on any system that has SapphireIMS installed, because of an Insecure Direct Object Reference (IDOR) in the local user creation function.

 
 
CVE-2017-16631

CWE-732
 

 
In SapphireIMS 4097_1, a guest user is able to change the password of an administrative user by utilizing an Insecure Direct Object Reference (IDOR) in the "Account Password Reset" functionality.

 
 
CVE-2017-16632

CWE-326
 

 
In SapphireIMS 4097_1, the password in the database is stored in Base64 format.

 
 
CVE-2020-25560

CWE-78
 

 
In SapphireIMS 5.0, it is possible to use the hardcoded credential in clients (username: sapphire, password: ims) and gain access to the portal. Once the access is available, the attacker can inject malicious OS commands on �??ping�?�, �??traceroute�?� and �??snmp�?� functions and execute code on the server. We also observed the same is true if the JSESSIONID is completely removed.

 
 
CVE-2020-25561

CWE-798
 

 
SapphireIMS 5 utilized default sapphire:ims credentials to connect the client to server. This credential is saved in ServerConf.config file in the client.

 
 
CVE-2020-25562

CWE-352
 

 
In SapphireIMS 5.0, there is no CSRF token present in the entire application. This can lead to CSRF vulnerabilities in critical application forms like account resent.

 
 
CVE-2020-25563

CWE-306
 

 
In SapphireIMS 5.0, it is possible to create local administrator on any client without requiring any credentials by directly accessing RemoteMgmtTaskSave (Automation Tasks) feature and not having a JSESSIONID.

 
 
CVE-2020-25564

CWE-732
 

 
In SapphireIMS 5.0, it is possible to create local administrator on any client with credentials of a non-privileged user by directly accessing RemoteMgmtTaskSave (Automation Tasks) feature.

 
 
CVE-2020-25565

CWE-798
 

 
In SapphireIMS 5.0, it is possible to use the hardcoded credential in clients (username: sapphire, password: ims) and gain access to the portal. Once the access is available, the attacker can inject malicious OS commands on �??ping�?�, �??traceroute�?� and �??snmp�?� functions and execute code on the server.

 


Copyright 2024, cxsecurity.com

 

Back to Top