CVE-2021-44837

Published: Jan 19, 2022Modified: Nov 21, 2024

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

An issue was discovered in Delta RM 1.2. It is possible for an unprivileged user to access the same information as an admin user regarding the risk creation information in the /risque/administration/referentiel/json/create/categorie endpoint, using the id_cat1 query parameter to indicate the risk.

Affected (1)

Products: Deltarm: Delta Rm

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Deltarm Delta Rm	Version 1.2

References (4)

https://gist.github.com/rntcruz23/8a91e6366a8247a0692c8ce2dfe87f21

Source: cve@mitre.org

ExploitThird Party Advisory

https://www.deltarm.com

Source: cve@mitre.org

ProductVendor Advisory

https://gist.github.com/rntcruz23/8a91e6366a8247a0692c8ce2dfe87f21

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://www.deltarm.com

Source: af854a3a-2127-422b-91ae-364da2661108

ProductVendor Advisory

Timeline

No history available yet.