CVE-2021-44838

Name of the Vulnerable Software and Affected Versions Delta RM version 1.2

Description An issue was discovered that allows users to access risks of other companies. This is achieved by using the "/risque/risque/ajax-details" endpoint with a POST request, specifying the risk to access with the id parameter.

Recommendations For Delta RM version 1.2, as a temporary workaround, consider restricting access to the "/risque/risque/ajax-details" endpoint until a patch is available. Avoid using the id parameter in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.