Insecure Direct Object Reference (IDOR) Allows Guest Users to Create Local Administrator Accounts in SapphireIMS

Insecure Direct Object Reference (IDOR) Allows Guest Users to Create Local Administrator Accounts in SapphireIMS

CVE-2017-16630 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

In SapphireIMS 4097_1, a guest user can create a local administrator account on any system that has SapphireIMS installed, because of an Insecure Direct Object Reference (IDOR) in the local user creation function.

Learn more about our User Device Pen Test.