Vulnerability Description
Dalmark Systems Systeam 2.22.8 build 1724 is vulnerable to user enumeration. The Systeam application is an ERP system that uses a mixed architecture based on SaaS tenant and user management, with on-premise database and web application counterparts. The issue occurs during the password recovery procedure for a given user, where a difference in the messages returned could allow an attacker to determine whether the given user is valid, enabling a brute-force attack against valid users.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dalmark | Systeam Enterprise Resource Planning | 2.22.8 |
References
- https://www.systeam.com.br/cve/userenum-2-en.txt (Vendor Advisory)
FAQ
What is CVE-2021-44875?
CVE-2021-44875 is a vulnerability with a CVSS score of 5.3 (MEDIUM). Dalmark Systems Systeam 2.22.8 build 1724 is vulnerable to User enumeration. The Systeam application is an ERP system that uses a mixed architecture based on SaaS tenant and user management, and on-pr...
How severe is CVE-2021-44875?
CVE-2021-44875 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-44875?
Check the references section above for vendor advisories and patch information. Affected products include: Dalmark Systeam Enterprise Resource Planning.