Vulnerabilities > Sapphireims > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-08-11 | CVE-2017-16629 | Information Exposure Through an Error Message vulnerability in Sapphireims 40971. In SapphireIMS 4097_1, it is possible to guess the registered/active usernames of the software from the errors it gives out for each type of user on the Login form. | 7.5 |
2021-08-11 | CVE-2017-16630 | Incorrect Permission Assignment for Critical Resource vulnerability in Sapphireims 40971. In SapphireIMS 4097_1, a guest user can create a local administrator account on any system that has SapphireIMS installed, because of an Insecure Direct Object Reference (IDOR) in the local user creation function. | 8.8 |
2021-08-11 | CVE-2017-16632 | Inadequate Encryption Strength vulnerability in Sapphireims 40971. In SapphireIMS 4097_1, the password in the database is stored in Base64 format. | 7.5 |
2021-08-11 | CVE-2020-25561 | Use of Hard-coded Credentials vulnerability in Sapphireims 5.0. SapphireIMS 5 utilized default sapphire:ims credentials to connect the client to the server. | 7.8 |
2021-08-11 | CVE-2020-25564 | Incorrect Authorization vulnerability in Sapphireims 5.0. In SapphireIMS 5.0, it is possible to create a local administrator on any client with the credentials of a non-privileged user by directly accessing the RemoteMgmtTaskSave (Automation Tasks) feature. | 8.8 |