In SapphireIMS 5.0, it is possible to use the hardcoded credential in clients (username: sapphire, password: ims) and gain access to the portal. Once the access is available, the attacker can inject malicious OS commands on “ping�, “traceroute� and “snmp� functions and execute code on the server. We also observed the same is true if the JSESSIONID is completely removed.