2 matches found
CVE-2021-42115
The CVE-2021-42115 entry concerns Business-DNA Solutions GmbH TopEase Platform: versions ≤ 7.1.27 are affected by a Missing HTTPOnly flag on the session cookie UID, enabling an unauthenticated attacker to escalate to an authenticated user by stealing/injecting the cookie. The connected sources re...
CVE-2021-42115 Missing HTTPOnly flag on sensitive cookie in TopEase
Missing HTTPOnly flag in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version = 7.1.27 allows an unauthenticated remote attacker to escalate privileges from unauthenticated to authenticated user via stealing and injecting the session- independent and static cookie...