How severe is CVE-2021-44840?

This vulnerability has a severity rating of LOW with a CVSS score of 2.7 out of 10.

What type of vulnerability is CVE-2021-44840?

This is classified as CWE-862, which is a common weakness in software security.

CVE-2021-44840 - LOW Severity | CVSS 2.7

Vulnerability Description

An issue was discovered in Delta RM 1.2. Using an privileged account, it is possible to edit, create, and delete risk labels, such as Criticality and Priority Indication labels. By using the /core/table/query endpoint, and by using a POST request and indicating the affected label with tableUid parameter and the operation with datas[query], it is possible to edit, create, and delete the following labels: Priority Indication, Quality Evaluation, Progress Margin and Priority. Furthermore, it is also possible to export Criticality labels with an unprivileged user.

Related Vulnerabilities

CVE-2017-5930

LOW

CVSS:2.7(Low)

The AliasHandler component in PostfixAdmin before 3.0.2 allows remote authenticated domain admins to delete protected aliases via the delete parameter to delete.php, involving a missing permission che...

CWE-8622017

CVE-2020-6306

LOW

CVSS:2.7(Low)

Missing authorization check in a transaction within SAP Leasing (update provided in SAP_APPL 6.18, EA-APPL 6.0, 6.02, 6.03, 6.04, 6.05, 6.06, 6.16 and 6.17).

CWE-8622020

CVE-2022-2459

LOW

CVSS:2.7(Low)

An issue has been discovered in GitLab EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. It may be possible for ema...

CWE-8622022

CVE-2022-2841

LOW

CVSS:2.7(Low)

A vulnerability was found in CrowdStrike Falcon 6.31.14505.0/6.42.15610/6.44.15806. It has been classified as problematic. Affected is an unknown function of the component Uninstallation Handler. The ...

CWE-8622022

CVE-2023-3587

LOW

CVSS:2.7(Low)

Mattermost fails to properly show information in the UI, allowing a system admin to modify a board state allowing any user with a valid sharing link to join the board with editor access, without the U...

CWE-8622023

CVE-2023-49652

LOW

CVSS:2.7(Low)

Incorrect permission checks in Jenkins Google Compute Engine Plugin 4.550.vb_327fca_3db_11 and earlier allow attackers with global Item/Configure permission (while lacking Item/Configure permission on...

CWE-8622023