CVE-2021-44837

An issue was discovered in Delta RM 1.2. It is possible for an unprivileged user to access the same information as an admin user regarding the risk creation information in the /risque/administration/referentiel/json/create/categorie endpoint, using the id_cat1 query parameter to indicate the risk.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 45%
VendorProductVersion
deltarmdelta_rm
1.2
𝑥
= Vulnerable software versions
References
https://gist.github.com/rntcruz23/8a91e6366a8247a0692c8ce2dfe87f21
https://www.deltarm.com
https://gist.github.com/rntcruz23/8a91e6366a8247a0692c8ce2dfe87f21
https://www.deltarm.com