CVE-2021-44839
Severity: MEDIUM
Delta RM 1.2 - Weak Password Recovery Mechanism via send-mail.json Endpoint
Title source: llmDescription
An issue was discovered in Delta RM 1.2. It is possible to request a new password for any other account using the account ID. Using the /listes/DTsendmaildata/adm_utilisateur/send-mail.json endpoint, a user can send a JSON array with user IDs that will have their passwords reset (and new ones sent to their respective e-mail addresses).
References (2)
- Product, Vendor Advisory (x_refsource_misc): https://www.deltarm.com
- Third Party Advisory (x_refsource_misc): https://gist.github.com/rntcruz23/16ac2d9dfc7e32b0f57dc7b20f17cd29
Scores
CVSS v3: 6.5
EPSS: 0.0058
EPSS Percentile: 42.8%
Attack Vector: NETWORK
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Details
CWE: CWE-640
Status: published
Products (1): deltarm/delta_rm 1.2
Published: Jan 18, 2022
Tracked Since: Feb 18, 2026