PT-2021-24166 · Dalmark Systems · Systeam

Published

2021-12-21

·

Updated

2021-12-27

·

CVE-2021-44875

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Dalmark Systems Systeam version 2.22.8 build 1724
Description: Systeam, an ERP system with a mixed architecture (SaaS tenant and user management combined with an on-premise database and web application), is affected by a user enumeration issue. The password recovery procedure returns a different message depending on whether the submitted username exists, so an unauthenticated attacker can confirm which usernames are valid and then concentrate a password brute-force attack on those accounts.
Recommendations: For version 2.22.8 build 1724, as a temporary workaround until a patch is available, modify the password recovery procedure to return the same message (and the same HTTP status) for every submitted username, regardless of whether it exists, and restrict or rate-limit access to the password recovery feature to minimize the risk of exploitation.
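The following is an added example, not code from Positive Technologies or from Dalmark Systems, and the user names, messages and status codes in it are assumptions rather than Systeam's actual strings. It shows the flaw class beside the uniform-response handler the recommendation calls for, and the differential check a tester runs to confirm the oracle: probe a name that cannot exist to get the "invalid user" baseline, then flag every candidate whose response differs.

```python
"""Password-recovery user enumeration: a handler with the flaw, a hardened
handler with a uniform response, and the differential check that detects it.
Constructed example; the user store, messages and status codes are assumptions."""
from dataclasses import dataclass, field

# Constructed tenant user store (assumption: usernames are e-mail addresses).
USERS = {"alice@example.com", "bob@example.com"}


@dataclass
class Response:
    status: int
    message: str


@dataclass
class Mailer:
    """Stand-in for the outbound mail queue so the example runs offline."""
    queued: list = field(default_factory=list)


def vulnerable_recovery(username, users=USERS, mailer=None):
    """Flawed pattern: status and message reveal whether the account exists."""
    if username not in users:
        return Response(404, "No account is registered for this e-mail address")
    if mailer is not None:
        mailer.queued.append(username)
    return Response(200, "A password reset link has been sent to your e-mail address")


UNIFORM = "If an account exists for that address, a password reset link has been sent"


def hardened_recovery(username, users=USERS, mailer=None):
    """Uniform status and message regardless of validity. The reset mail is
    still sent only to real accounts, so the only remaining oracle is the
    mailbox the attacker does not control."""
    if username in users and mailer is not None:
        mailer.queued.append(username)
    return Response(200, UNIFORM)


def detect_enumeration(handler, candidates, probe="nobody-zz9@example.invalid"):
    """Differential test. `probe` is a name that cannot exist; its response is
    the 'invalid user' baseline. Returns the candidates whose (status, message)
    pair differs from that baseline, i.e. the usernames the endpoint leaks."""
    base = handler(probe)
    leaked = set()
    for name in candidates:
        r = handler(name)
        if (r.status, r.message) != (base.status, base.message):
            leaked.add(name)
    return leaked


if __name__ == "__main__":
    wordlist = ["alice@example.com", "carol@example.com", "bob@example.com"]
    print("vulnerable handler leaks:", detect_enumeration(vulnerable_recovery, wordlist))
    print("hardened handler leaks:  ", detect_enumeration(hardened_recovery, wordlist))
```

The comparison deliberately covers status code as well as message body, since a uniform text behind a 200/404 split is still an oracle. Response time is a second channel the check above does not cover: if the hardened handler sends mail synchronously only for valid users, a timing difference remains, so the mail should be queued asynchronously or the work padded so both paths take comparable time.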

Fix

Side Channel Attack


Weakness Enumeration

Related Identifiers

CVE-2021-44875

Affected Products

Systeam