CVE-2017-16631

In SapphireIMS 4097_1, a guest user is able to change the password of an administrative user by utilizing an Insecure Direct Object Reference (IDOR) in the "Account Password Reset" functionality. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt