How severe is CVE-2021-42115?

CVE-2021-42115 has a CVSS v3 score of 8.1 (HIGH).

CVE-2021-42115

Name: topease
Author: businessdnasolutions

8.1HIGH

Missing HTTPOnly flag in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 allows an unauthenticated remote attacker to escalate privileges from unauthent

发布于: 11/30/2021更新于: 11/21/2024

描述

Missing HTTPOnly flag in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 allows an unauthenticated remote attacker to escalate privileges from unauthenticated to authenticated user via stealing and injecting the session- independent and static cookie UID.

AI分析AI驱动

受影响产品

businessdnasolutionstopease

参考资料

https://confluence.topease.ch/confluence/display/DOC/Release+Notes
Release NotesVendor Advisory
https://confluence.topease.ch/confluence/display/DOC/Release+Notes
Release NotesVendor Advisory