CVE-2021-44877

EPSS 0.54%
Veröffentlicht 21.12.2021 17:15:08
Zuletzt bearbeitet 21.11.2024 06:31:38
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Dalmark Systems Systeam 2.22.8 build 1724 is vulnerable to Incorrect Access Control. The Systeam application is an ERP system that uses a mixed architecture based on SaaS tenant and user management, and on-premise database and web application counterparts. A broken access control vulnerability has been found while using a temporary generated token in order to consume api resources. The vulnerability allows an unauthenticated attacker to use an api endpoint to generate a temporary JWT token that is designed to reference the correct tenant prior to authentication, to request system configuration parameters using direct api requests. The correct exploitation of this vulnerability causes sensitive information exposure. In case the tenant has an smtp credential set, the full credential information is disclosed.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 0 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Dalmark ≫ Systeam Enterprise Resource Planning Version2.22.8 Updatebuild_1724

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.54%	0.651

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://www.systeam.com.br/cve/broken-access-control-en.txt

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-44877

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-44877

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-44877

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2021-44877