[CVE-2020-25562] SapphireIMS: CSRF


In SapphireIMS 5.0, there is no CSRF token present anywhere in the application. This can lead to CSRF vulnerabilities in critical application forms such as account reset.
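The control whose absence is described above, as an added example (not SapphireIMS code and not from the reporter): a session-bound CSRF token issued with each form and verified on every state-changing request. The field name `csrf_token`, the in-memory server key and the one-hour lifetime are assumptions made for the sketch.

```python
import hashlib
import hmac
import secrets
import time

SERVER_KEY = secrets.token_bytes(32)   # assumption: per-deployment secret, kept server-side
TOKEN_TTL = 3600                       # assumption: token lifetime in seconds
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


def _mac(session_id, issued, nonce):
    # Bind the token to one session and one issue time.
    msg = "\x00".join((session_id, issued, nonce)).encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_token(session_id, now=None):
    """Return '<issued>.<nonce>.<mac>' to embed as a hidden form field."""
    issued = str(int(time.time() if now is None else now))
    nonce = secrets.token_hex(16)
    return f"{issued}.{nonce}.{_mac(session_id, issued, nonce)}"


def verify_token(session_id, token, now=None):
    """True only for an unexpired token that was issued to this session."""
    try:
        issued, nonce, mac = token.split(".")
        age = (time.time() if now is None else now) - int(issued)
    except (AttributeError, ValueError):
        return False                   # missing or malformed token
    if not 0 <= age <= TOKEN_TTL:
        return False
    expected = _mac(session_id, issued, nonce)
    # Constant-time comparison; bytes avoid a TypeError on non-ASCII input.
    return hmac.compare_digest(mac.encode(), expected.encode())


def allow_request(method, session_id, form):
    """Gate applied before every handler, e.g. the account reset form."""
    if method.upper() in SAFE_METHODS:
        return True                    # safe methods must not change state
    return verify_token(session_id, form.get("csrf_token"))
```

A request forged from another origin carries the victim's session cookie but cannot supply a token that verifies for that session, so `allow_request` rejects it.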

CVSS 3.0 Base Score

7.3 (AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N)


Tanoy Bose


Limited Disclosure

Vulnerability Tracker

Disclosure timelines

  • 07 May, 2020 - Vendor informed; failed
  • 16 Sept, 2020 - CERT/CC and CERT-In informed