CVE-2021-42121

Опубликовано: 30 нояб. 2021

Источник: nvd

CVSS3: 4.3

CVSS2: 4

EPSS Низкий

Описание

Insufficient Input Validation in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 on an object’s date attribute(s) allows an authenticated remote attacker with Object Modification privileges to insert an unexpected format into date fields, which leads to breaking the object page that the date field is present.

Ссылки

https://confluence.topease.ch/confluence/display/DOC/Release+Notes
Release Notes
Vendor Advisory
https://confluence.topease.ch/confluence/display/DOC/Release+Notes
Release Notes
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:businessdnasolutions:topease:*:*:*:*:*:*:*:*

Версия до 7.1.27 (включая)

EPSS

Процентиль: 58%

0.00367

Низкий

4.3 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-20

Связанные уязвимости

GHSA-52xf-jjg9-gfxx

github

около 4 лет назад

Insufficient Input Validation in Web Applications operating on Business-DNA Solutions GmbHâ€™s TopEaseÂ® Platform Version <= 7.1.27 on an objectâ€™s date attribute(s) allows an authenticated remote attacker with Object Modification privileges to insert an unexpected format into date fields, which leads to breaking the object page that the date field is present.