CVE-2021-44836 - An issue was discovered in Delta RM 1.2. The /risque/risque/workflow/reset endpoint is lacking acces

CVE-2021-44836

Summary

An issue was discovered in Delta RM 1.2. The /risque/risque/workflow/reset endpoint is lacking access controls, and it is possible for an unprivileged user to reopen a risk with a POST request, using the risqueID parameter to identify the risk to be re-opened.

References

https://www.deltarm.com
https://gist.github.com/rntcruz23/01af412813c63d6e0cc41c26f52893be

Vulnerable Configurations

cpe:2.3:a:deltarm:delta_rm:1.2:*:*:*:*:*:*:*
cpe:2.3:a:deltarm:delta_rm:1.2:*:*:*:*:*:*:*

CVSS

Base:	4.0 (as of 12-07-2022 - 17:42)
Impact:
Exploitability:

CWE

CWE-639

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	SINGLE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	NONE

cvss-vector via4

AV:N/AC:L/Au:S/C:N/I:P/A:N

Last major update

12-07-2022 - 17:42

Published

18-01-2022 - 20:15

Last modified

12-07-2022 - 17:42