CVE-2021-42115

Severity: CRITICAL
Year: 2021
CVSS v3 Score: 9.1 (Critical)
CVSS v2 Score: 6.4 (Medium)

Vulnerability Description

Missing HTTPOnly flag in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 allows an unauthenticated remote attacker to escalate privileges from unauthenticated to authenticated user via stealing and injecting the session-independent and static cookie UID.

CVSS: 9.8 (Critical)

An issue was discovered in Znuny through 7.1.3. A cookie is set without the HttpOnly flag.

CVSS: 7.5 (High)

An information disclosure vulnerability exists in the web interface session cookie functionality of InHand Networks InRouter302 V3.5.4. The session cookie misses the HttpOnly flag, making it accessibl...

CVSS: 7.5 (High)

IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly fla...

CVSS: 7.5 (High)

IBM Aspera Console 3.4.0 through 3.4.4 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability...

CVSS: 7.5 (High)

This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to missing HTTPOnly flag for the session cookies associated with the router's web management interface. An attacker with remote acce...

CVSS: 7.4 (High)

adminlte is vulnerable to Sensitive Cookie Without 'HttpOnly' Flag