exploitDog

CVE-2021-44837

Опубликовано: 19 янв. 2022

Источник: nvd

CVSS3: 4.3

CVSS2: 4

EPSS Низкий

Описание

An issue was discovered in Delta RM 1.2. It is possible for an unprivileged user to access the same information as an admin user regarding the risk creation information in the /risque/administration/referentiel/json/create/categorie endpoint, using the id_cat1 query parameter to indicate the risk.

Ссылки

https://gist.github.com/rntcruz23/8a91e6366a8247a0692c8ce2dfe87f21
Exploit
Third Party Advisory
https://www.deltarm.com
Product
Vendor Advisory
https://gist.github.com/rntcruz23/8a91e6366a8247a0692c8ce2dfe87f21
Exploit
Third Party Advisory
https://www.deltarm.com
Product
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:deltarm:delta_rm:1.2:*:*:*:*:*:*:*

EPSS

Процентиль: 45%

0.00226

Низкий

4.3 Medium

CVSS3

4 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-qf8x-c298-x5pj

CVSS3: 4.3

github

около 4 лет назад

An issue was discovered in Delta RM 1.2. It is possible for an unprivileged user to access the same information as an admin user regarding the risk creation information in the /risque/administration/referentiel/json/create/categorie endpoint, using the id_cat1 query parameter to indicate the risk.

EPSS

Процентиль: 45%

0.00226

Низкий

4.3 Medium

CVSS3

4 Medium

CVSS2

Дефекты

NVD-CWE-Other