How severe is CVE-2021-42115?

CVE-2021-42115 has a CVSS v3 score of 8.1 (HIGH).

CVE-2021-42115

Name: topease
Author: businessdnasolutions

8.1HIGH

Missing HTTPOnly flag in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 allows an unauthenticated remote attacker to escalate privileges from unauthent

Опубликовано: 11/30/2021Обновлено: 11/21/2024

Описание

Missing HTTPOnly flag in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 allows an unauthenticated remote attacker to escalate privileges from unauthenticated to authenticated user via stealing and injecting the session- independent and static cookie UID.

ИИ-АнализНа базе ИИ

Затронутые продукты

businessdnasolutionstopease

Ссылки

https://confluence.topease.ch/confluence/display/DOC/Release+Notes
Release NotesVendor Advisory
https://confluence.topease.ch/confluence/display/DOC/Release+Notes
Release NotesVendor Advisory