VYPR

Rm

by Totara

CVEs (7)

  • CVE-2022-37772 | Hig | Nov 23, 2022
    risk 0.49 | cvss 7.5 | epss 0.01

    Maarch RM 2.8.3 solution contains an improper restriction of excessive authentication attempts due to excessive verbose responses from the application. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to compromised accounts.

  • CVE-2021-44839 | Med | Jan 18, 2022
    risk 0.42 | cvss 6.5 | epss 0.01

    An issue was discovered in Delta RM 1.2. It is possible to request a new password for any other account using the account ID. Using the /listes/DTsendmaildata/adm_utilisateur/send-mail.json endpoint, a user can send a JSON array with user IDs that will have their passwords reset…

  • CVE-2023-4710 | Med | Sep 1, 2023
    risk 0.28 | cvss 4.3 | epss 0.00

    A vulnerability classified as problematic was found in TOTVS RM 12.1. Affected by this vulnerability is an unknown functionality of the component Portal. The manipulation of the argument d leads to cross site scripting. The attack can be launched remotely. The identifier…

  • CVE-2021-44837 | Med | Jan 19, 2022
    risk 0.28 | cvss 4.3 | epss 0.01

    An issue was discovered in Delta RM 1.2. It is possible for an unprivileged user to access the same information as an admin user regarding the risk creation information in the /risque/administration/referentiel/json/create/categorie endpoint, using the id_cat1 query parameter to…

  • CVE-2021-44836 | Med | Jan 18, 2022
    risk 0.28 | cvss 4.3 | epss 0.01

    An issue was discovered in Delta RM 1.2. The /risque/risque/workflow/reset endpoint is lacking access controls, and it is possible for an unprivileged user to reopen a risk with a POST request, using the risqueID parameter to identify the risk to be re-opened.

  • CVE-2023-4709 | Low | Sep 1, 2023
    risk 0.20 | cvss 3.1 | epss 0.00

    A vulnerability classified as problematic has been found in TOTVS RM 12.1. Affected is an unknown function of the file Login.aspx of the component Portal. The manipulation of the argument VIEWSTATE leads to cross site scripting. It is possible to launch the attack remotely. The…

  • CVE-2021-44840 | Low | Jan 18, 2022
    risk 0.18 | cvss 2.7 | epss 0.01

    An issue was discovered in Delta RM 1.2. Using a privileged account, it is possible to edit, create, and delete risk labels, such as Criticality and Priority Indication labels. By using the /core/table/query endpoint, and by using a POST request and indicating the affected…