CVE-2021-44838

An issue was discovered in Delta RM 1.2. Using the /risque/risque/ajax-details endpoint, with a POST request indicating the risk to access with the id parameter, it is possible for users to access risks of other companies.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 45%
VendorProductVersion
deltarmdelta_rm
1.2
𝑥
= Vulnerable software versions
References
https://gist.github.com/rntcruz23/6575c0ef45c30687c538361910bb8ab3
https://www.deltarm.com
https://gist.github.com/rntcruz23/6575c0ef45c30687c538361910bb8ab3
https://www.deltarm.com