Arbitrary String Insertion Vulnerability in Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27

Arbitrary String Insertion Vulnerability in Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27

CVE-2021-42120 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Insufficient Input Validation in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 on all object attributes allows an authenticated remote attacker with Object Modification privileges to insert arbitrarily long strings, eventually leading to exhaustion of the underlying resource.

Learn more about our Web App Pen Testing.