CVE-2021-42121 (GCVE-0-2021-42121)
Vulnerability from cvelistv5 – Published: 2021-11-30 11:28 – Updated: 2024-08-04 03:30
VLAI?
Title
Denial of Service via Invalid Date Format in TopEase
Summary
Insufficient Input Validation in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 on an object’s date attribute(s) allows an authenticated remote attacker with Object Modification privileges to insert an unexpected format into date fields, which leads to breaking the object page that the date field is present.
Severity ?
4.3 (Medium)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Business-DNA Solutions GmbH | TopEase |
Affected:
unspecified , ≤ 7.1.27
(custom)
|
Credits
SIX Group Services AG, Cyber Controls
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:30:36.387Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://confluence.topease.ch/confluence/display/DOC/Release+Notes"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TopEase",
"vendor": "Business-DNA Solutions GmbH",
"versions": [
{
"lessThanOrEqual": "7.1.27",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "SIX Group Services AG, Cyber Controls"
}
],
"descriptions": [
{
"lang": "en",
"value": "Insufficient Input Validation in Web Applications operating on Business-DNA Solutions GmbH\u2019s TopEase\u00ae Platform Version \u003c= 7.1.27 on an object\u2019s date attribute(s) allows an authenticated remote attacker with Object Modification privileges to insert an unexpected format into date fields, which leads to breaking the object page that the date field is present."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-30T11:28:12.000Z",
"orgId": "455daabc-a392-441d-aa46-37d35189897c",
"shortName": "NCSC.ch"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://confluence.topease.ch/confluence/display/DOC/Release+Notes"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Denial of Service via Invalid Date Format in TopEase",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerability@ncsc.ch",
"ID": "CVE-2021-42121",
"STATE": "PUBLIC",
"TITLE": "Denial of Service via Invalid Date Format in TopEase"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TopEase",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "7.1.27"
}
]
}
}
]
},
"vendor_name": "Business-DNA Solutions GmbH"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "SIX Group Services AG, Cyber Controls"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insufficient Input Validation in Web Applications operating on Business-DNA Solutions GmbH\u2019s TopEase\u00ae Platform Version \u003c= 7.1.27 on an object\u2019s date attribute(s) allows an authenticated remote attacker with Object Modification privileges to insert an unexpected format into date fields, which leads to breaking the object page that the date field is present."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://confluence.topease.ch/confluence/display/DOC/Release+Notes",
"refsource": "CONFIRM",
"url": "https://confluence.topease.ch/confluence/display/DOC/Release+Notes"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "455daabc-a392-441d-aa46-37d35189897c",
"assignerShortName": "NCSC.ch",
"cveId": "CVE-2021-42121",
"datePublished": "2021-11-30T11:28:12.000Z",
"dateReserved": "2021-10-08T00:00:00.000Z",
"dateUpdated": "2024-08-04T03:30:36.387Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…