In SapphireIMS 4097_1, a guest user is able to change the... · CVE-2017-16631 · GitHub Advisory Database · GitHub

In SapphireIMS 4097_1, a guest user is able to change the...

Moderate severity Unreviewed Published May 24, 2022 to the GitHub Advisory Database • Updated Jan 30, 2023

Package

No package listed— Suggest a package

Affected versions

Unknown

Patched versions

Unknown

Description

In SapphireIMS 4097_1, a guest user is able to change the password of an administrative user by utilizing an Insecure Direct Object Reference (IDOR) in the "Account Password Reset" functionality.

References

Published by the National Vulnerability Database

Aug 11, 2021

Published to the GitHub Advisory Database May 24, 2022

Last updated Jan 30, 2023