Vulnerabilities > Sapphireims > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-08-11 | CVE-2017-16631 | Incorrect Permission Assignment for Critical Resource vulnerability in Sapphireims 40971. In SapphireIMS 4097_1, a guest user is able to change the password of an administrative user by utilizing an Insecure Direct Object Reference (IDOR) in the "Account Password Reset" functionality. | 6.5 |
2021-08-11 | CVE-2020-25562 | Cross-Site Request Forgery (CSRF) vulnerability in Sapphireims 5.0. In SapphireIMS 5.0, there is no CSRF token present in the entire application. | 6.5 |