CVE-2021-42121

Insufficient Input Validation in Web Applications operating on Business-DNA Solutions GmbHs TopEase Platform Version <= 7.1.27 on an objects date attribute(s) allows an authenticated remote attacker with Object Modification privileges to insert an unexpected format into date fields, which leads to breaking the object page that the date field is present.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
NCSC.chCNA
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 64%
VendorProductVersion
businessdnasolutionstopease
𝑥
≤ 7.1.27
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://confluence.topease.ch/confluence/display/DOC/Release+Notes
https://confluence.topease.ch/confluence/display/DOC/Release+Notes