CVE-2020-25563

Name of the Vulnerable Software and Affected Versions: SapphireIMS version 5.0

Description: The issue allows creating a local administrator on any client without requiring credentials by directly accessing the RemoteMgmtTaskSave feature, which is part of Automation Tasks, and not having a JSESSIONID.

Recommendations: For SapphireIMS version 5.0, consider restricting access to the RemoteMgmtTaskSave feature to prevent unauthorized creation of local administrators until a patch is available. As a temporary workaround, ensure that all sessions require a valid JSESSIONID to access Automation Tasks.