CVE-2017-16631

Description

In SapphireIMS 4097_1, a guest user is able to change the password of an administrative user by utilizing an Insecure Direct Object Reference (IDOR) in the "Account Password Reset" functionality.

Affected Software
References

Software	From	Fixed in
sapphireims / sapphireims	4097_1	4097_1.x

https://vuln.shellcoder.party/2020/07/18/cve-2017-16631-sapphireims-idor-on-password-reset/
https://vuln.shellcoder.party/tags/sapphireims/

Severity: Medium

CVE: CVE-2017-16631
Published: Aug 11, 2021
Updated: Apr 13, 2023
Exploit:

Severity: Medium
Score: 6.5
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Severity: Low
Score: 4
AV:N/AC:L/Au:S/C:N/I:P/A:N

CWE-732

CVE-2017-16631

Description

Details

CVSS v3

CVSS v2

CWEs