Vulnerabilities > Sapphireims > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-08-11 | CVE-2020-25560 | Use of Hard-coded Credentials vulnerability in Sapphireims 5.0 In SapphireIMS 5.0, it is possible to use the hardcoded credential in clients (username: sapphire, password: ims) and gain access to the portal. | 9.8 |
| 2021-08-11 | CVE-2020-25563 | Missing Authentication for Critical Function vulnerability in Sapphireims 5.0 In SapphireIMS 5.0, it is possible to create local administrator on any client without requiring any credentials by directly accessing RemoteMgmtTaskSave (Automation Tasks) feature and not having a JSESSIONID. | 9.8 |
| 2021-08-11 | CVE-2020-25565 | Use of Hard-coded Credentials vulnerability in Sapphireims 5.0 In SapphireIMS 5.0, it is possible to use the hardcoded credential in clients (username: sapphire, password: ims) and gain access to the portal. | 9.8 |
| 2021-08-11 | CVE-2020-25566 | Missing Authentication for Critical Function vulnerability in Sapphireims 5.0 In SapphireIMS 5.0, it is possible to take over an account by sending a request to the Save_Password form as shown in POC. | 9.8 |