CVE-2021-44836

Name of the Vulnerable Software and Affected Versions Delta RM version 1.2

Description An issue was discovered in the software where the "/risque/risque/workflow/reset" endpoint lacks access controls. This allows an unprivileged user to reopen a risk by sending a POST request and using the risqueID parameter to specify the risk to be reopened.

Recommendations For Delta RM version 1.2, consider disabling access to the "/risque/risque/workflow/reset" endpoint until a patch is available to add proper access controls. As a temporary workaround, restrict the use of the risqueID parameter in this endpoint to prevent unauthorized risk re-opening.