CVE-2021-42123

Опубликовано: 30 нояб. 2021

Источник: nvd

CVSS3: 7.3

CVSS3: 8.8

CVSS2: 6.5

EPSS Низкий

Описание

Unrestricted File Upload in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 in the File Upload Functions allows an authenticated remote attacker with Upload privileges to upload files with any file type, enabling client-side attacks.

Ссылки

https://confluence.topease.ch/confluence/display/DOC/Release+Notes
Release Notes
Vendor Advisory
https://confluence.topease.ch/confluence/display/DOC/Release+Notes
Release Notes
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:businessdnasolutions:topease:*:*:*:*:*:*:*:*

Версия до 7.1.27 (включая)

EPSS

Процентиль: 48%

0.00249

Низкий

7.3 High

CVSS3

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-434

Связанные уязвимости

GHSA-2fvx-vhr6-r4cv

github

около 4 лет назад

Unrestricted File Upload in Web Applications operating on Business-DNA Solutions GmbHâ€™s TopEaseÂ® Platform Version <= 7.1.27 in the File Upload Functions allows an authenticated remote attacker with Upload privileges to upload files with any file type, enabling client-side attacks.

EPSS

Процентиль: 48%

0.00249

Низкий

7.3 High

CVSS3

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-434