How severe is CVE-2021-42115?

CVE-2021-42115 has a CVSS v3 score of 8.1 (HIGH).

CVE-2021-42115

Name: topease
Author: businessdnasolutions

8.1HIGH

Missing HTTPOnly flag in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 allows an unauthenticated remote attacker to escalate privileges from unauthent

Veröffentlicht: 11/30/2021Aktualisiert: 11/21/2024

Beschreibung

Missing HTTPOnly flag in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 allows an unauthenticated remote attacker to escalate privileges from unauthenticated to authenticated user via stealing and injecting the session- independent and static cookie UID.

KI-AnalyseKI-gestützt

Betroffene Produkte

businessdnasolutionstopease

Referenzen

https://confluence.topease.ch/confluence/display/DOC/Release+Notes
Release NotesVendor Advisory
https://confluence.topease.ch/confluence/display/DOC/Release+Notes
Release NotesVendor Advisory