4

CVE-2021-44840

Exploit

EPSS 0.64%
Veröffentlicht 18.01.2022 19:15:09
Zuletzt bearbeitet 21.11.2024 06:31:35
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

An issue was discovered in Delta RM 1.2. Using an privileged account, it is possible to edit, create, and delete risk labels, such as Criticality and Priority Indication labels. By using the /core/table/query endpoint, and by using a POST request and indicating the affected label with tableUid parameter and the operation with datas[query], it is possible to edit, create, and delete the following labels: Priority Indication, Quality Evaluation, Progress Margin and Priority. Furthermore, it is also possible to export Criticality labels with an unprivileged user.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Deltarm ≫ Delta Rm Version1.2

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.64%	0.459

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	2.7	1.2	1.4	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:N/I:P/A:N

CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

https://gist.github.com/rntcruz23/81f83f9e406198b08ab40ffae8336a92

Third Party Advisory

Exploit

https://www.deltarm.com

Vendor Advisory

Product

https://nvd.nist.gov/vuln/detail/CVE-2021-44840

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-44840

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-44840

EUVD