Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
In SapphireIMS 5.0, it is possible to take over an account by sending a request to the Save_Password form as shown in POC. Notice that we do not require a JSESSIONID in this request and can reset any user’s password by changing the username to that user and password to base64(desired password).
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
SapphireIMS 访问控制错误漏洞
Vulnerability Description
Tecknodreams SapphireIMS是印度Tecknodreams公司的ITIL 2011 认证的企业级服务管理系统。 SapphireIMS 5.0存在安全漏洞,该漏洞源于软件中的Save Password表单对于请求过滤不足攻击者可以在无需JESSIONID的情况下发送请求来接管帐户,并且重置任何用户的密码。
CVSS Information
N/A
Vulnerability Type
N/A