Vulnerabilities > CVE-2021-42544 - Improper Restriction of Excessive Authentication Attempts vulnerability in Businessdnasolutions Topease

047910
CVSS 9.8 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
businessdnasolutions
CWE-307
critical
NVD
Published: 2021-11-30
Updated: 2023-11-07

Summary

Missing Rate Limiting in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 on the Login Form allows an unauthenticated remote attacker to perform multiple login attempts, which facilitates gaining privileges.

Vulnerable Configurations

Part Description Count
Application
Businessdnasolutions
30

Common Weakness Enumeration (CWE)

References