Lucene search

NCSC.chCVELIST:CVE-2021-42121

HistoryNov 30, 2021 - 11:28 a.m.

CVE-2021-42121 Denial of Service via Invalid Date Format in TopEase

2021-11-3011:28:12

CWE-20

NCSC.ch

www.cve.org

denial of service

invalid date format

insufficient input validation

web applications

topease platform

remote attacker

unexpected format

date fields

object page

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

AI Score

4.9

Confidence

High

EPSS

0.001

Percentile

42.1%

JSON

Insufficient Input Validation in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 on an object’s date attribute(s) allows an authenticated remote attacker with Object Modification privileges to insert an unexpected format into date fields, which leads to breaking the object page that the date field is present.

CNA Affected

[
  {
    "product": "TopEase",
    "vendor": "Business-DNA Solutions GmbH",
    "versions": [
      {
        "lessThanOrEqual": "7.1.27",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

confluence.topease.ch/confluence/display/DOC/Release+Notes

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

AI Score

4.9

Confidence

High

EPSS

0.001

Percentile

42.1%

JSON

Related for CVELIST:CVE-2021-42121