exploitDog

CVE-2017-16630

Опубликовано: 11 авг. 2021

Источник: nvd

CVSS3: 8.8

CVSS2: 6.5

EPSS Низкий

Описание

In SapphireIMS 4097_1, a guest user can create a local administrator account on any system that has SapphireIMS installed, because of an Insecure Direct Object Reference (IDOR) in the local user creation function.

Ссылки

https://vuln.shellcoder.party/2020/07/18/cve-2017-16630-sapphireims-idor-based-privilege-elevation/
Third Party Advisory
https://vuln.shellcoder.party/tags/sapphireims/
Third Party Advisory
https://vuln.shellcoder.party/2020/07/18/cve-2017-16630-sapphireims-idor-based-privilege-elevation/
Third Party Advisory
https://vuln.shellcoder.party/tags/sapphireims/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:sapphireims:sapphireims:4097_1:*:*:*:*:*:*:*

EPSS

Процентиль: 55%

0.00324

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-732

Связанные уязвимости

GHSA-x7rr-wv6r-f745

github

больше 3 лет назад

In SapphireIMS 4097_1, a guest user can create a local administrator account on any system that has SapphireIMS installed, because of an Insecure Direct Object Reference (IDOR) in the local user creation function.

EPSS

Процентиль: 55%

0.00324

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-732