Vulnerabilities > CVE-2021-44875 - Information Exposure Through Discrepancy vulnerability in Dalmark Systeam Enterprise Resource Planning 2.22.8
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
LOW Integrity impact
NONE Availability impact
NONE Summary
Dalmark Systems Systeam 2.22.8 build 1724 is vulnerable to User enumeration. The Systeam application is an ERP system that uses a mixed architecture based on SaaS tenant and user management, and on-premise database and web application counterparts. This issue occurs during the password recovery procedure for a given user, where a difference in messages could allow an attacker to determine if the given user is valid or not, enabling a brute force attack with valid users.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |