Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Dalmark Systems Systeam 2.22.8 build 1724 is vulnerable to Incorrect Access Control. The Systeam application is an ERP system that uses a mixed architecture based on SaaS tenant and user management, and on-premise database and web application counterparts. A broken access control vulnerability has been found while using a temporary generated token in order to consume api resources. The vulnerability allows an unauthenticated attacker to use an api endpoint to generate a temporary JWT token that is designed to reference the correct tenant prior to authentication, to request system configuration parameters using direct api requests. The correct exploitation of this vulnerability causes sensitive information exposure. In case the tenant has an smtp credential set, the full credential information is disclosed.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Dalmark Systems Systeam 安全漏洞
Vulnerability Description
Dalmark Systems Systeam是巴西Dalmark Systems公司的一个 Erp 系统。 Dalmark Systems Systeam 2.22.8 build 1724版本存在安全漏洞,攻击者可以通过该漏洞对有效用户进行暴力破解。
CVSS Information
N/A
Vulnerability Type
N/A