CVE-2021-44874

Published: Dec 21, 2021

Modified: Aug 4, 2024

PUBLISHED

Description

Dalmark Systems Systeam 2.22.8 build 1724 is vulnerable to Insecure design on report build via SQL query. The Systeam application is an ERP system that uses a mixed architecture based on SaaS tenant and user management, and on-premise database and web application counterparts. The bi report module exposes direct SQL commands via POST data in order to select data for report generation. A malicious actor can use the bi report endpoint as a direct SQL prompt under the authenticated user.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://www.systeam.com.br/cve/insecure%20design%20-%20sql%20manipulation-en.txt

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2021-44874

Description

Affected Products

References