Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
In SapphireIMS 5.0, it is possible to use the hardcoded credential in clients (username: sapphire, password: ims) and gain access to the portal. Once the access is available, the attacker can inject malicious OS commands on “ping”, “traceroute” and “snmp” functions and execute code on the server.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Tecknodreams SapphireIMS 信任管理问题漏洞
Vulnerability Description
Tecknodreams SapphireIMS是印度Tecknodreams公司的ITIL 2011 认证的企业级服务管理系统。 SapphireIMS 5.0 存在信任管理问题漏洞,该漏洞源于在 SapphireIMS 5.0 中,可以在客户端中使用硬编码凭据(用户名:sapphire,密码:ims)并获得对门户的访问权限。 一旦访问可用,攻击者就可以在“ping”、“traceroute”和“snmp”函数上注入恶意操作系统命令并在服务器上执行代码。
CVSS Information
N/A
Vulnerability Type
N/A