CVE-2021-44836

An issue was discovered in Delta RM 1.2. The /risque/risque/workflow/reset endpoint is lacking access controls, and it is possible for an unprivileged user to reopen a risk with a POST request, using the risqueID parameter to identify the risk to be re-opened...

CVE-2021-44839

An issue was discovered in Delta RM 1.2. It is possible to request a new password for any other account using the account ID. Using the /listes/DTsendmaildata/admutilisateur/send-mail.json endpoint, a user can send a JSON array with user IDs that will have their passwords reset and new ones sent ...

Design/Logic Flaw

An issue was discovered in Delta RM 1.2. The /risque/risque/workflow/reset endpoint is lacking access controls, and it is possible for an unprivileged user to reopen a risk with a POST request, using the risqueID parameter to identify the risk to be re-opened...

Design/Logic Flaw

An issue was discovered in Delta RM 1.2. It is possible to request a new password for any other account using the account ID. Using the /listes/DTsendmaildata/admutilisateur/send-mail.json endpoint, a user can send a JSON array with user IDs that will have their passwords reset and new ones sent ...

CVE-2021-44839

Delta RM 1.2 contains a vulnerability where an attacker can request password resets for other accounts via the endpoint /listes/DTsendmaildata/adm_utilisateur/send-mail.json by submitting a JSON array of target user IDs. This could result in new passwords being sent to the corresponding email add...

CVE-2021-44840

An issue was discovered in Delta RM 1.2. Using an privileged account, it is possible to edit, create, and delete risk labels, such as Criticality and Priority Indication labels. By using the /core/table/query endpoint, and by using a POST request and indicating the affected label with tableUid...

CVE-2021-44840

An issue was discovered in Delta RM 1.2. Using an privileged account, it is possible to edit, create, and delete risk labels, such as Criticality and Priority Indication labels. By using the /core/table/query endpoint, and by using a POST request and indicating the affected label with tableUid...

Design/Logic Flaw

An issue was discovered in Delta RM 1.2. Using an privileged account, it is possible to edit, create, and delete risk labels, such as Criticality and Priority Indication labels. By using the /core/table/query endpoint, and by using a POST request and indicating the affected label with tableUid...

CVE-2021-44838

An issue was discovered in Delta RM 1.2. Using the /risque/risque/ajax-details endpoint, with a POST request indicating the risk to access with the id parameter, it is possible for users to access risks of other companies...

CVE-2021-44838

The CVE-2021-44838 issue affects Delta RM 1.2. The vulnerability arises in the /risque/risque/ajax-details endpoint, where a POST request that includes an id parameter can allow a user to access risks from other companies. This represents a cross-entity exposure within the risk-management web int...

CVE-2021-44840

An issue was discovered in Delta RM 1.2. Using an privileged account, it is possible to edit, create, and delete risk labels, such as Criticality and Priority Indication labels. By using the /core/table/query endpoint, and by using a POST request and indicating the affected label with tableUid...

Delta RM 安全漏洞

Delta Rm is a simple and effective risk management from Delta Rm France. It is used to simplify risk management methods and save time. A security vulnerability exists in Delta RM 1.2 that stems from the use of the ajax-details endpoint with a POST request indicating the risk of using the id...