How severe is CVE-2021-42115?

CVE-2021-42115 has a CVSS v3 score of 8.1 (HIGH).

CVE-2021-42115

Name: topease
Author: businessdnasolutions

8.1HIGH

Missing HTTPOnly flag in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 allows an unauthenticated remote attacker to escalate privileges from unauthent

Published: 11/30/2021Updated: 11/21/2024

Description

Missing HTTPOnly flag in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 allows an unauthenticated remote attacker to escalate privileges from unauthenticated to authenticated user via stealing and injecting the session- independent and static cookie UID.

AI AnalysisPowered by AI

Affected Products

businessdnasolutionstopease

References

https://confluence.topease.ch/confluence/display/DOC/Release+Notes
Release NotesVendor Advisory
https://confluence.topease.ch/confluence/display/DOC/Release+Notes
Release NotesVendor Advisory