businessdnasolutions CVE Vulnerabilities & Metrics

Focus on businessdnasolutions vulnerabilities and metrics.

Last updated: 08 Mar 2025, 23:25 UTC

About businessdnasolutions Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with businessdnasolutions. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total businessdnasolutions CVEs: 10
Earliest CVE date: 30 Nov 2021, 12:15 UTC
Latest CVE date: 30 Nov 2021, 12:15 UTC

Latest CVE reference: CVE-2021-42544

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 0

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): 0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): 0.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical businessdnasolutions CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 4.69

Max CVSS: 7.5

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range	Count
0.0-3.9	3
4.0-6.9	6
7.0-8.9	1
9.0-10.0	0

CVSS Distribution Chart

Top 5 Highest CVSS businessdnasolutions CVEs

These are the five CVEs with the highest CVSS scores for businessdnasolutions, sorted by severity first and recency.

CVE-2021-42544 businessdnasolutions Published on 30 Nov 2021, 12:15 UTC (CVSS: 7.5)
Missing Rate Limiting in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 on the Login Form allows an unauthenticated remote attacker to perform multiple login attempts, which facilitates gaining privileges.
CVE-2021-42123 businessdnasolutions Published on 30 Nov 2021, 12:15 UTC (CVSS: 6.5)
Unrestricted File Upload in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 in the File Upload Functions allows an authenticated remote attacker with Upload privileges to upload files with any file type, enabling client-side attacks.
CVE-2021-42115 businessdnasolutions Published on 30 Nov 2021, 12:15 UTC (CVSS: 6.4)
Missing HTTPOnly flag in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 allows an unauthenticated remote attacker to escalate privileges from unauthenticated to authenticated user via stealing and injecting the session- independent and static cookie UID.
CVE-2021-42122 businessdnasolutions Published on 30 Nov 2021, 12:15 UTC (CVSS: 4.0)
Insufficient Input Validation in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 on an object’s attributes with numeric format allows an authenticated remote attacker with Object Modification privileges to insert an unexpected format, which makes the affected attribute non-editable.
CVE-2021-42121 businessdnasolutions Published on 30 Nov 2021, 12:15 UTC (CVSS: 4.0)
Insufficient Input Validation in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 on an object’s date attribute(s) allows an authenticated remote attacker with Object Modification privileges to insert an unexpected format into date fields, which leads to breaking the object page that the date field is present.

All CVEs for businessdnasolutions

CVE-2021-42544 businessdnasolutions vulnerability CVSS: 7.5 30 Nov 2021, 12:15 UTC

Missing Rate Limiting in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 on the Login Form allows an unauthenticated remote attacker to perform multiple login attempts, which facilitates gaining privileges.

CVE-2021-42123 businessdnasolutions vulnerability CVSS: 6.5 30 Nov 2021, 12:15 UTC

Unrestricted File Upload in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 in the File Upload Functions allows an authenticated remote attacker with Upload privileges to upload files with any file type, enabling client-side attacks.

CVE-2021-42122 businessdnasolutions vulnerability CVSS: 4.0 30 Nov 2021, 12:15 UTC

Insufficient Input Validation in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 on an object’s attributes with numeric format allows an authenticated remote attacker with Object Modification privileges to insert an unexpected format, which makes the affected attribute non-editable.

CVE-2021-42121 businessdnasolutions vulnerability CVSS: 4.0 30 Nov 2021, 12:15 UTC

Insufficient Input Validation in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 on an object’s date attribute(s) allows an authenticated remote attacker with Object Modification privileges to insert an unexpected format into date fields, which leads to breaking the object page that the date field is present.

CVE-2021-42120 businessdnasolutions vulnerability CVSS: 4.0 30 Nov 2021, 12:15 UTC

Insufficient Input Validation in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 on all object attributes allows an authenticated remote attacker with Object Modification privileges to insert arbitrarily long strings, eventually leading to exhaustion of the underlying resource.

CVE-2021-42119 businessdnasolutions vulnerability CVSS: 3.5 30 Nov 2021, 12:15 UTC

Persistent Cross Site Scripting in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 via the Search Functionality allows authenticated users with Object Modification privileges to inject arbitrary HTML and JavaScript in object attributes, which is then rendered in the Search Functionality, to alter the intended functionality and steal cookies, the latter allowing for account takeover.

CVE-2021-42118 businessdnasolutions vulnerability CVSS: 3.5 30 Nov 2021, 12:15 UTC

Persistent Cross Site Scripting in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 via the Structure Component allows an authenticated remote attacker with Object Modification privileges to inject arbitrary HTML and JavaScript code in an object attribute, which is then rendered in the Structure Component, to alter the intended functionality and steal cookies, the latter allowing for account takeover.

CVE-2021-42117 businessdnasolutions vulnerability CVSS: 3.5 30 Nov 2021, 12:15 UTC

Insufficient Input Validation in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 allows an authenticated remote attacker with Object Modification privileges to insert arbitrary HTML without code execution.

CVE-2021-42116 businessdnasolutions vulnerability CVSS: 4.0 30 Nov 2021, 12:15 UTC

Incorrect Access Control in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 allows an authenticated remote attacker to view the Shape Editor and Settings, which are functionality for higher privileged users, via identifying said components in the front-end source code or other means.

CVE-2021-42115 businessdnasolutions vulnerability CVSS: 6.4 30 Nov 2021, 12:15 UTC

Missing HTTPOnly flag in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 allows an unauthenticated remote attacker to escalate privileges from unauthenticated to authenticated user via stealing and injecting the session- independent and static cookie UID.