Dalmark Systems Systeam 2.22.8 build 1724 is vulnerable...
Moderate severity
Unreviewed
Published
Dec 22, 2021
to the GitHub Advisory Database
•
Updated Feb 3, 2023
Description
Published by the National Vulnerability Database
Dec 21, 2021
Published to the GitHub Advisory Database
Dec 22, 2021
Last updated
Feb 3, 2023
Dalmark Systems Systeam 2.22.8 build 1724 is vulnerable to User enumeration. The Systeam application is an ERP system that uses a mixed architecture based on SaaS tenant and user management, and on-premise database and web application counterparts. This issue occurs during the password recovery procedure for a given user, where a difference in messages could allow an attacker to determine if the given user is valid or not, enabling a brute force attack with valid users.
References