Missing HTTPOnly flag in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 allows an unauthenticated remote attacker to escalate privileges from unauthenticated to authenticated user via stealing and injecting the session- independent and static cookie UID.
The product uses a cookie to store sensitive information, but the cookie is not marked with the HttpOnly flag.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Topease | Businessdnasolutions | * | 7.1.27 (including) |