ID CVE-2021-44840
Summary An issue was discovered in Delta RM 1.2. Using an privileged account, it is possible to edit, create, and delete risk labels, such as Criticality and Priority Indication labels. By using the /core/table/query endpoint, and by using a POST request and indicating the affected label with tableUid parameter and the operation with datas[query], it is possible to edit, create, and delete the following labels: Priority Indication, Quality Evaluation, Progress Margin and Priority. Furthermore, it is also possible to export Criticality labels with an unprivileged user.
References
Vulnerable Configurations
  • cpe:2.3:a:deltarm:delta_rm:1.2:*:*:*:*:*:*:*
    cpe:2.3:a:deltarm:delta_rm:1.2:*:*:*:*:*:*:*
CVSS
Base: 4.0 (as of 12-07-2022 - 17:42)
Impact:
Exploitability:
CWE CWE-862
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW SINGLE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
cvss-vector via4 AV:N/AC:L/Au:S/C:N/I:P/A:N
Last major update 12-07-2022 - 17:42
Published 18-01-2022 - 19:15
Last modified 12-07-2022 - 17:42
Back to Top