Exposure of Resource to Wrong Sphere

CVE-2021-44837

Medium

4.3/10

Summary

An issue was discovered in Delta RM 1.2. It is possible for an unprivileged user to access the same information as an admin user regarding the risk creation information in the /risque/administration/referentiel/json/create/categorie endpoint, using the id_cat1 query parameter to indicate the risk.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: LOW
Availability Impact: NONE

CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

References

Advisory Timeline

Published Jan 19, 2022

Exposure of Resource to Wrong Sphere

CVE-2021-44837

Summary

CWE-668 - Exposure of Resource to Wrong Sphere

References

Advisory Timeline

HackerOne

Wireshark

OWASP ZAP