Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
In SapphireIMS 5.0, it is possible to use the hardcoded credential in clients (username: sapphire, password: ims) and gain access to the portal. Once the access is available, the attacker can inject malicious OS commands on “ping”, “traceroute” and “snmp” functions and execute code on the server. We also observed the same is true if the JSESSIONID is completely removed.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Tecknodreams SapphireIMS 操作系统命令注入漏洞
Vulnerability Description
Tecknodreams SapphireIMS是印度Tecknodreams公司的ITIL 2011 认证的企业级服务管理系统。 Tecknodreams SapphireIMS 5.0 存在操作系统命令注入漏洞,该漏洞源于在 SapphireIMS 5.0 中,可以在客户端中使用硬编码凭据(用户名:sapphire,密码:ims)并获得对门户的访问权限。
CVSS Information
N/A
Vulnerability Type
N/A