PT-2021-8564 · Unknown · Sapphireims

Tanoy Bose · Published 2021-08-11 · Updated 2021-08-16

CVE-2017-16630

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: SapphireIMS version 4097_1
Description: An authenticated guest user can create a local administrator account on any system that SapphireIMS manages, because the local user creation function contains an Insecure Direct Object Reference (IDOR). The server accepts the caller-supplied target system and account details without checking that the calling session is authorized to manage local accounts, so a low-privilege user can perform an action reserved for administrators. The CVSS vector reflects this: network-reachable, low complexity, only low privileges required, with full impact on confidentiality, integrity and availability of the affected hosts.
Recommendations: For SapphireIMS version 4097_1, until a vendor patch is available, restrict the local user creation function so that only administrative sessions can reach it, enforced on the server side (hiding the menu item in the UI is not sufficient, since the request can be replayed directly). As an additional temporary measure, reduce the number and privileges of guest accounts to limit who can attempt the request. After applying either change, confirm it by issuing the user creation request from a guest session and verifying that the server rejects it and that no account was created on the target system.
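The following is an added illustration, not SapphireIMS code and not taken from the advisory: a minimal model of the flaw described above, showing a user creation handler that only verifies a session exists (the IDOR pattern) beside a hardened version that authorizes the action by role on the server, plus the regression check the recommendation calls for. All names (the `Session`, `Host`, handler and check functions) are hypothetical.

```python
"""Added illustration (hypothetical code, not SapphireIMS): a server-side model of
an IDOR in a local-user-creation function, its hardened form, and a regression
check. All data here is constructed for the example."""
from dataclasses import dataclass, field

ADMIN = "admin"
GUEST = "guest"


class Forbidden(Exception):
    """Raised when the calling session is not authorized for the requested action."""


@dataclass
class Session:
    user: str
    role: str


@dataclass
class Host:
    name: str
    local_users: dict = field(default_factory=dict)  # username -> local group


def create_local_user_vulnerable(session, hosts, host_name, new_user, group):
    """Vulnerable pattern: checks only that *some* session exists, then acts on
    whatever host and group the caller names. The host reference and the group
    are caller-controlled, and no role check guards the action, so a guest can
    create a local administrator on any managed system."""
    if session is None:
        raise Forbidden("login required")
    host = hosts[host_name]          # direct object reference, no authorization check
    host.local_users[new_user] = group
    return host


def create_local_user_fixed(session, hosts, host_name, new_user, group):
    """Hardened pattern: authorize the action (local account management) by the
    caller's server-side role before resolving or touching the referenced host."""
    if session is None:
        raise Forbidden("login required")
    if session.role != ADMIN:
        raise Forbidden(f"role {session.role!r} may not manage local accounts")
    host = hosts.get(host_name)
    if host is None:
        raise KeyError(host_name)
    host.local_users[new_user] = group
    return host


def guest_can_create_admin(handler):
    """Regression check: True if a guest session can create a local administrator
    through `handler`. Against a real deployment the same check is performed by
    replaying the creation request with a guest session over HTTP and confirming
    the server rejects it and the account does not appear on the target."""
    hosts = {"ws01": Host("ws01")}           # constructed sample inventory
    guest = Session(user="visitor", role=GUEST)
    try:
        handler(guest, hosts, "ws01", "backdoor", "Administrators")
    except Forbidden:
        return False
    return hosts["ws01"].local_users.get("backdoor") == "Administrators"


if __name__ == "__main__":
    print("vulnerable handler exploitable:", guest_can_create_admin(create_local_user_vulnerable))
    print("fixed handler exploitable:     ", guest_can_create_admin(create_local_user_fixed))
```

The important design point is that the authorization decision keys on the role stored with the session on the server, never on anything in the request body; the host name and group remain caller input, but they are only honoured after the caller has been authorized to manage local accounts at all.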

Fix

Incorrect Permission


Weakness Enumeration

Related Identifiers

CVE-2017-16630

Affected Products

Sapphireims