CVE-2021-42115
📋 TL;DR
This vulnerability allows unauthenticated remote attackers to steal session-independent static cookies and thereby obtain the privileges of authenticated users in the TopEase Platform. It affects all web applications running on Business-DNA Solutions GmbH's TopEase Platform version <= 7.1.27. Because the cookie is set without the HTTPOnly flag, client-side script can read it, enabling cookie theft via cross-site scripting or similar attacks.
💻 Affected Systems
- Business-DNA Solutions GmbH TopEase Platform
📦 What is this software?
TopEase by Business-DNA Solutions GmbH
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise where attackers gain authenticated access to all functionality, potentially leading to data theft, system manipulation, or further privilege escalation.
Likely Case
Unauthenticated attackers gain authenticated user privileges, accessing sensitive data and performing actions reserved for legitimate users.
If Mitigated
With proper controls like WAFs and network segmentation, impact is limited to isolated systems with minimal data exposure.
🎯 Exploit Status
Exploitation requires cookie theft via XSS or similar client-side attacks, then cookie injection to gain authenticated access.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: > 7.1.27
Vendor Advisory: https://confluence.topease.ch/confluence/display/DOC/Release+Notes
Restart Required: Yes
Instructions:
1. Upgrade TopEase Platform to version > 7.1.27.
2. Restart all TopEase services.
3. Verify that the HTTPOnly flag is set on the UID cookie.
🔧 Temporary Workarounds
Implement WAF Cookie Protection
Configure a web application firewall to protect cookies and detect cookie theft attempts.
Network Segmentation
Isolate TopEase systems from untrusted networks and implement strict access controls.
🧯 If You Can't Patch
- Implement strict network access controls to limit exposure to trusted sources only.
- Deploy web application firewall with cookie protection and session validation rules.
🔍 How to Verify
Check if Vulnerable:
Check the TopEase version via the admin interface or configuration files. If the version is <= 7.1.27, inspect the UID cookie for the HTTPOnly flag using browser developer tools.
Check Version:
Check TopEase admin interface or configuration files for version information.
Verify Fix Applied:
After the upgrade, verify the version is > 7.1.27 and confirm in browser developer tools that the UID cookie has the HTTPOnly flag set.
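The same check can be scripted so it runs as part of a post-patch verification. The following is an added example, not code from the vendor or this advisory: it parses the Set-Cookie headers a server returns and reports which watched cookies lack HttpOnly. The cookie name `UID` comes from the advisory; the hostname `topease.example` and the sample headers are constructed placeholders.

```python
import urllib.error
import urllib.request
from typing import Dict, Iterable, List


def parse_set_cookie(header: str) -> Dict[str, object]:
    """Parse one Set-Cookie header value into its name, value and security attributes."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    cookie = {"name": name.strip(), "value": value.strip(),
              "httponly": False, "secure": False, "samesite": None}
    for attr in parts[1:]:
        key, _, val = attr.partition("=")
        key = key.strip().lower()
        if key == "httponly":
            cookie["httponly"] = True
        elif key == "secure":
            cookie["secure"] = True
        elif key == "samesite":
            cookie["samesite"] = val.strip() or None
    return cookie


def unprotected_cookies(set_cookie_headers: Iterable[str],
                        watch: Iterable[str] = ("UID",)) -> List[str]:
    """Return the names of watched cookies that were set without the HttpOnly flag."""
    watched = {w.lower() for w in watch}
    return [c["name"] for c in map(parse_set_cookie, set_cookie_headers)
            if c["name"].lower() in watched and not c["httponly"]]


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    # Do not follow redirects: the Set-Cookie of interest is often on the 3xx response itself.
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def fetch_set_cookie_headers(url: str) -> List[str]:
    """Request url once and return every Set-Cookie header in the first response."""
    req = urllib.request.Request(url, headers={"User-Agent": "cookie-flag-check"})
    try:
        with urllib.request.build_opener(_NoRedirect).open(req, timeout=10) as resp:
            return resp.headers.get_all("Set-Cookie") or []
    except urllib.error.HTTPError as err:  # 3xx/4xx responses still carry headers
        return err.headers.get_all("Set-Cookie") or []


# Constructed sample headers (not captured from a real TopEase deployment).
VULNERABLE_HEADERS = ["UID=abc123; Path=/", "JSESSIONID=xyz; Path=/; HttpOnly"]
FIXED_HEADERS = ["UID=abc123; Path=/; Secure; HttpOnly; SameSite=Lax"]

if __name__ == "__main__":
    # Placeholder host: replace with an instance you are authorised to check.
    missing = unprotected_cookies(fetch_set_cookie_headers("https://topease.example/"))
    print("cookies missing HttpOnly:", missing or "none")
```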
📡 Detection & Monitoring
Log Indicators:
- Multiple failed authentication attempts followed by successful authentication from same IP
- Unusual cookie manipulation patterns
Network Indicators:
- Cookie theft attempts via XSS payloads
- Unauthenticated requests with UID cookies
SIEM Query:
source="topease" AND ((event="authentication" AND result="success" AND src_ip NOT IN trusted_ips) OR event="cookie_manipulation")