CVE-2021-44839

Name of the Vulnerable Software and Affected Versions Delta RM version 1.2

Description An issue was discovered that allows requesting a new password for any other account using the account ID. A user can send a JSON array with user IDs to the "/listes/DTsendmaildata/adm utilisateur/send-mail.json" endpoint, which will reset the passwords and send new ones to the respective email addresses.

Recommendations For Delta RM version 1.2, as a temporary workaround, consider restricting access to the "/listes/DTsendmaildata/adm utilisateur/send-mail.json" endpoint until a patch is available. Avoid using this endpoint to send password reset requests for other accounts. At the moment, there is no information about a newer version that contains a fix for this vulnerability.