CVE-2021-42122
Denial of Service via Invalid Object Attribute in TopEase
Severity Score
4.3
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Insufficient Input Validation in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 on an object’s attributes with numeric format allows an authenticated remote attacker with Object Modification privileges to insert an unexpected format, which makes the affected attribute non-editable.
Una Comprobación de Entrada Insuficiente en Aplicaciones Web que operan en la Plataforma TopEase® de Business-DNA Solutions GmbH Versiones anteriores a 7.1.27 incluyéndola, en los atributos de un objeto con formato numérico permite a un atacante remoto autenticado con privilegios de Modificación de Objetos insertar un formato no esperado, lo que hace que el atributo afectado no sea editable
*Credits:
SIX Group Services AG, Cyber Controls
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2021-10-08 CVE Reserved
- 2021-11-30 CVE Published
- 2023-06-23 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
CAPEC
References (1)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://confluence.topease.ch/confluence/display/DOC/Release+Notes | 2023-11-07 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Businessdnasolutions Search vendor "Businessdnasolutions" | Topease Search vendor "Businessdnasolutions" for product "Topease" | <= 7.1.27 Search vendor "Businessdnasolutions" for product "Topease" and version " <= 7.1.27" | - |
Affected
|