CVE-2021-42545

Critical

An insufficient session expiration vulnerability exists in Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27, which allows…

NCSC.ch·CWE-613·Published 2021-11-30

CVSS

9.1

EPSS

0.01

KEV

Exploits

cve.orgen

213 chars

An insufficient session expiration vulnerability exists in Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27, which allows a remote attacker to reuse, spoof, or steal other user and admin sessions.

NVDen

213 chars

NVDes

273 chars

Se presenta una vulnerabilidad de caducidad de sesión insuficiente en la plataforma TopEase® de Business-DNA Solutions GmbH, versiones anteriores a 7.1.27 incluyéndola, que permite a un atacante remoto reusar, falsificar o robar otras sesiones de usuario y de administrador

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	6.4	10.0	4.9	AV:N/AC:L/Au:N/C:P/I:P/A:N
3.1	Primary	NVD	9.1	3.9	5.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N