Missing HTTPOnly flag in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 allows an unauthenticated remote attacker to escalate privileges from unauthenticated to authenticated user via stealing and injecting the session- independent and static cookie UID.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: NCSC.ch
Published: 2021-11-30T11:28:07
Updated: 2024-08-04T03:22:25.999Z
Reserved: 2021-10-08T00:00:00
Link: CVE-2021-42115
Vulnrichment
No data.
NVD
Status : Modified
Published: 2021-11-30T12:15:07.647
Modified: 2024-11-21T06:27:17.537
Link: CVE-2021-42115
Redhat
No data.