漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Missing HTTPOnly flag on sensitive cookie in TopEase
Vulnerability Description
Missing HTTPOnly flag in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 allows an unauthenticated remote attacker to escalate privileges from unauthenticated to authenticated user via stealing and injecting the session- independent and static cookie UID.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Vulnerability Type
没有’HttpOnly’标志的敏感Cookie
Vulnerability Title
Business-Dna Solution GmbH TopEase 安全漏洞
Vulnerability Description
Business-Dna Solution GmbH TopEase是瑞士Business-Dna Solution GmbH公司的一种“转型风险”解决方案。用于全面、简单、快速和安全地管理复杂的项目和措施。 TopEase 存在安全漏洞,该漏洞源于程序运行的Web应用程序中缺少HTTPOnly标志,远程攻击者通过窃取和注入与会话无关的静态cookie UI将权限从未经身份验证的用户提升到经过身份验证的用户。
CVSS Information
N/A
Vulnerability Type
N/A