CVE-2021-42544 HIGH

CVE-2021-42544: Lack of Rate limiting in Authentication in TopEase

Vendor: Business-DNA Solutions GmbH
Product: TopEase
Weakness: CWE-307 · Brute force
Published: November 30, 2021
Last update: August 4, 2024

CVSS base score

7.5/10
Attack vector: Network
Attack complexity: Low
Privileges required: None
User interaction: None
Confidentiality: High
Integrity: None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01 Description

Missing Rate Limiting in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 on the Login Form allows an unauthenticated remote attacker to perform multiple login attempts, which facilitates gaining privileges.

Key dates

02 Disclosure timeline

November 30, 2021: CVE published
August 4, 2024: Record updated