PT-2021-8565 · Unknown · Sapphireims

Tanoy Bose · Published 2021-08-11 · Updated 2021-08-16 · CVE-2017-16631

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions: SapphireIMS version 4097 1

Description: The issue allows a guest user to change the password of an administrative user by exploiting an Insecure Direct Object Reference (IDOR) in the "Account Password Reset" functionality.

Recommendations: For SapphireIMS version 4097 1, restrict access to the "Account Password Reset" functionality to prevent unauthorized password changes until a fix is available.

Fix

Incorrect Permission

Weakness Enumeration

Related Identifiers

CVE-2017-16631

Affected Products

Sapphireims