Renato Cruz

**Name of the Vulnerable Software and Affected Versions** Active Intelligent Visualization version 5 **Description** An issue was discovered where the Vdc header is used in a SQL query without being sanitized, causing SQL injection. **Recommendations** For Active Intelligent Visualization version 5, consider sanitizing the Vdc header in SQL queries to prevent SQL injection until a patch is available. As a temporary workaround, restrict access to SQL queries using the Vdc header to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Delta RM version 1.2 **Description** An issue allows an unprivileged user to access the same information as an admin user regarding risk creation. This is possible through the "/risque/administration/referentiel/json/create/categorie" endpoint by using the `id cat1` query parameter to indicate the risk. **Recommendations** For Delta RM version 1.2, as a temporary workaround, consider restricting access to the "/risque/administration/referentiel/json/create/categorie" endpoint until a patch is available. Avoid using the `id cat1` query parameter in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Delta RM version 1.2 **Description** An issue was discovered in the software where the "/risque/risque/workflow/reset" endpoint lacks access controls. This allows an unprivileged user to reopen a risk by sending a POST request and using the `risqueID` parameter to specify the risk to be reopened. **Recommendations** For Delta RM version 1.2, consider disabling access to the "/risque/risque/workflow/reset" endpoint until a patch is available to add proper access controls. As a temporary workaround, restrict the use of the `risqueID` parameter in this endpoint to prevent unauthorized risk re-opening.

**Name of the Vulnerable Software and Affected Versions** Delta RM version 1.2 **Description** An issue was discovered that allows users to access risks of other companies. This is achieved by using the "/risque/risque/ajax-details" endpoint with a POST request, specifying the risk to access with the `id` parameter. **Recommendations** For Delta RM version 1.2, as a temporary workaround, consider restricting access to the "/risque/risque/ajax-details" endpoint until a patch is available. Avoid using the `id` parameter in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Delta RM version 1.2 **Description** An issue was discovered that allows requesting a new password for any other account using the account ID. A user can send a JSON array with user IDs to the "/listes/DTsendmaildata/adm utilisateur/send-mail.json" endpoint, which will reset the passwords and send new ones to the respective email addresses. **Recommendations** For Delta RM version 1.2, as a temporary workaround, consider restricting access to the "/listes/DTsendmaildata/adm utilisateur/send-mail.json" endpoint until a patch is available. Avoid using this endpoint to send password reset requests for other accounts. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Delta RM version 1.2 **Description** An issue was discovered in Delta RM, allowing an attacker with a privileged account to edit, create, and delete risk labels, including Criticality and Priority Indication labels. This can be achieved by using the "/core/table/query" endpoint with a POST request, specifying the affected label with the `tableUid` parameter and the operation with `datas[query]`. The vulnerable labels include Priority Indication, Quality Evaluation, Progress Margin, and Priority. Additionally, it is possible to export Criticality labels with an unprivileged user. **Recommendations** For Delta RM version 1.2, consider restricting access to the "/core/table/query" endpoint to prevent unauthorized modifications to risk labels. As a temporary workaround, limit the use of the `tableUid` parameter and `datas[query]` to minimize the risk of exploitation. Avoid using the `tableUid` parameter and `datas[query]` with unprivileged users to prevent the export of Criticality labels. At the moment, there is no information about a newer version that contains a fix for this vulnerability.