CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2021-42115 – Missing HTTPOnly flag on sensitive cookie in TopEase
https://notcve.org/view.php?id=CVE-2021-42115
30 Nov 2021 — Missing HTTPOnly flag in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 allows an unauthenticated remote attacker to escalate privileges from unauthenticated to authenticated user via stealing and injecting the session- independent and static cookie UID. La falta del flag HTTPOnly en las aplicaciones web que operan en la plataforma TopEase® de Business-DNA Solutions GmbH, versiones anteriores a 7.1.27 incluyéndola, permite a un atacante remoto no autenticado ... • https://confluence.topease.ch/confluence/display/DOC/Release+Notes • CWE-732: Incorrect Permission Assignment for Critical Resource CWE-1004: Sensitive Cookie Without 'HttpOnly' Flag •