Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistMitreCVELIST:CVE-2021-44874
HistoryDec 21, 2021 - 4:22 p.m.

CVE-2021-44874

2021-12-2116:22:28
mitre
www.cve.org
4
dalmark systems
systeam
erp system
insecure design
sql query
saas tenant
user management
on-premise database
web application
bi report
sql prompt

AI Score

9.1

Confidence

High

EPSS

0.001

Percentile

42.8%

JSON

Dalmark Systems Systeam 2.22.8 build 1724 is vulnerable to Insecure design on report build via SQL query. The Systeam application is an ERP system that uses a mixed architecture based on SaaS tenant and user management, and on-premise database and web application counterparts. The bi report module exposes direct SQL commands via POST data in order to select data for report generation. A malicious actor can use the bi report endpoint as a direct SQL prompt under the authenticated user.

Related

prion 1
nvd 1
cve 1
prion
prion
Sql injection
2021-12-21 17:15:00
nvd
nvd
CVE-2021-44874
2021-12-21 17:15:08
cve
cve
CVE-2021-44874
2021-12-21 17:15:08

AI Score

9.1

Confidence

High

EPSS

0.001

Percentile

42.8%

JSON
Related for CVELIST:CVE-2021-44874
prion1nvd1cve1