CVE-2017-16630

In SapphireIMS 4097_1, a guest user can create a local administrator account on any system that has SapphireIMS installed, because of an Insecure Direct Object Reference (IDOR) in the local user creation function. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt