exploitDog

CVE-2021-44839

Published: 18 Jan 2022
Source: nvd
CVSS3: 6.5
CVSS2: 4
EPSS: Low

Description

An issue was discovered in Delta RM 1.2. It is possible to request a new password for any other account using the account ID. Using the /listes/DTsendmaildata/adm_utilisateur/send-mail.json endpoint, a user can send a JSON array with user IDs that will have their passwords reset (and new ones sent to their respective e-mail addresses).

Vulnerable configurations

Configuration 1
cpe:2.3:a:deltarm:delta_rm:1.2:*:*:*:*:*:*:*

EPSS

Percentile: 36%
0.00152
Low

6.5 Medium

CVSS3

4 Medium

CVSS2

Weaknesses

CWE-640

Related vulnerabilities

github
about 4 years ago

An issue was discovered in Delta RM 1.2. It is possible to request a new password for any other account using the account ID. Using the /listes/DTsendmaildata/adm_utilisateur/send-mail.json endpoint, a user can send a JSON array with user IDs that will have their passwords reset (and new ones sent to their respective e-mail addresses).