Vulnerabilities > Businessdnasolutions > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-11-30 | CVE-2021-42115 | Incorrect Permission Assignment for Critical Resource vulnerability in Businessdnasolutions Topease. Missing HTTPOnly flag in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 allows an unauthenticated remote attacker to escalate privileges from unauthenticated to authenticated user via stealing and injecting the session-independent and static cookie UID. | 9.1 |
2021-11-30 | CVE-2021-42544 | Improper Restriction of Excessive Authentication Attempts vulnerability in Businessdnasolutions Topease. Missing Rate Limiting in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 on the Login Form allows an unauthenticated remote attacker to perform multiple login attempts, which facilitates gaining privileges. | 9.8 |