CVE-2021-44837

An issue was discovered in Delta RM 1.2. It is possible for an unprivileged user to access the same information as an admin user regarding the risk creation information in the /risque/administration/referentiel/json/create/categorie endpoint, using the id_cat1 query parameter to indicate the risk.

CVSS v3 4.3 MEDIUM
CVSS v2.0 4.0 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

4.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:P/I:N/A:N

Exploitability : 8.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://gist.github.com/rntcruz23/8a91e6366a8247a0692c8ce2dfe87f21	Exploit Third Party Advisory
https://www.deltarm.com	Product Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:deltarm:delta_rm:1.2:*:*:*:*:*:*:*

History

No history.

Information

Published : 2022-01-19 14:15

Updated : 2023-08-08 14:22

NVD link : CVE-2021-44837

Mitre link : CVE-2021-44837

CVE.ORG link : CVE-2021-44837

JSON object : View

Products Affected

deltarm

delta_rm

CWE

NVD-CWE-Other

{"id": "CVE-2021-44837", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2022-01-19T14:15:07.407", "references": [{"url": "https://gist.github.com/rntcruz23/8a91e6366a8247a0692c8ce2dfe87f21", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.deltarm.com", "tags": ["Product", "Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Delta RM 1.2. It is possible for an unprivileged user to access the same information as an admin user regarding the risk creation information in the /risque/administration/referentiel/json/create/categorie endpoint, using the id_cat1 query parameter to indicate the risk."}, {"lang": "es", "value": "Se ha detectado un problema en Delta RM versi\u00f3n 1.2. Es posible que un usuario no privilegiado acceda a la misma informaci\u00f3n que un usuario administrador respecto a la informaci\u00f3n de creaci\u00f3n de riesgos en el endpoint /risque/administration/referentiel/json/create/categorie, usando el par\u00e1metro de consulta id_cat1 para indicar el riesgo"}], "lastModified": "2023-08-08T14:22:24.967", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:deltarm:delta_rm:1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B6159A90-582B-422C-83B4-138A28A27950"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}