CVE-2021-42115
8.1HIGHMissing HTTPOnly flag in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 allows an unauthenticated remote attacker to escalate privileges from unauthent
게시됨: 11/30/2021업데이트됨: 11/21/2024
설명
Missing HTTPOnly flag in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 allows an unauthenticated remote attacker to escalate privileges from unauthenticated to authenticated user via stealing and injecting the session- independent and static cookie UID.
AI 분석AI 기반
영향받는 제품
businessdnasolutionstopease
참조
- https://confluence.topease.ch/confluence/display/DOC/Release+NotesRelease NotesVendor Advisory
- https://confluence.topease.ch/confluence/display/DOC/Release+NotesRelease NotesVendor Advisory