CVE-2021-44836 - Authorization Bypass Through User-Controlled Key vulnerability in Deltarm Delta RM 1.2

047910
CVSS 4.0 - MEDIUM
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: SINGLE
Confidentiality impact: NONE
Integrity impact: PARTIAL
Availability impact: NONE
CWE-639

Summary

An issue was discovered in Delta RM 1.2. The /risque/risque/workflow/reset endpoint lacks access controls, so an unprivileged user can reopen a risk with a POST request, using the risqueID parameter to identify the risk to be reopened.

Vulnerable Configurations

Part         Description  Count
Application  Deltarm      1