2 matches found
CVE-2021-44836
An issue was discovered in Delta RM 1.2. The /risque/risque/workflow/reset endpoint is lacking access controls, and it is possible for an unprivileged user to reopen a risk with a POST request, using the risqueID parameter to identify the risk to be re-opened...
CVE-2021-44836
Delta RM 1.2 contains an access-control flaw in the /risque/risque/workflow/reset endpoint, allowing an unprivileged user to reopen a risk via POST with risqueID. Root cause: missing access controls on the reset workflow. Impact: potential unauthorized modification of risk states; no explicit exp...