How severe is CVE-2021-42115?

CVE-2021-42115 has a CVSS v3 score of 8.1 (HIGH).

CVE-2021-42115

Name: topease
Author: businessdnasolutions

8.1HIGH

Missing HTTPOnly flag in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 allows an unauthenticated remote attacker to escalate privileges from unauthent

公開日: 11/30/2021更新日: 11/21/2024

説明

Missing HTTPOnly flag in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 allows an unauthenticated remote attacker to escalate privileges from unauthenticated to authenticated user via stealing and injecting the session- independent and static cookie UID.

AI分析AIによる分析

影響を受ける製品

businessdnasolutionstopease

参照

https://confluence.topease.ch/confluence/display/DOC/Release+Notes
Release NotesVendor Advisory
https://confluence.topease.ch/confluence/display/DOC/Release+Notes
Release NotesVendor Advisory