History: Nov 30, 2021 - 11:28 a.m.

CVE-2021-42544 Lack of Rate limiting in Authentication in TopEase

2021-11-30 11:28:14
CWE-307
Source: NCSC.ch (www.cve.org)
Tags: cve-2021-42544, rate limiting, authentication, topease

CVSS3: 7.5

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score: 9.7
Confidence: High

EPSS: 0.005
Percentile: 76.4%

Missing Rate Limiting in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 on the Login Form allows an unauthenticated remote attacker to perform multiple login attempts, which facilitates gaining privileges.

CNA Affected

[
  {
    "product": "TopEase",
    "vendor": "Business-DNA Solutions GmbH",
    "versions": [
      {
        "lessThanOrEqual": "7.1.28",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "unspecified",
        "status": "unknown",
        "version": "next of 7.1.28",
        "versionType": "custom"
      }
    ]
  }
]
