CVE-2021-27394

8.8HIGH

Key Information:

Vendor: Siemens
Status: Mendix Applications Using Mendix 7; Mendix Applications Using Mendix 8; Mendix Applications Using Mendix 8 (v8.12); Mendix Applications Using Mendix 8 (v8.6)
Vendor: CVE Published:; 16 April 2021

Summary

A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.19), Mendix Applications using Mendix 8 (All versions < V8.17.0), Mendix Applications using Mendix 8 (V8.12) (All versions < V8.12.5), Mendix Applications using Mendix 8 (V8.6) (All versions < V8.6.9), Mendix Applications using Mendix 9 (All versions < V9.0.5). Authenticated, non-administrative users could modify their privileges by manipulating the user role under certain circumstances, allowing them to gain administrative privileges.

Affected Version(s)

Mendix Applications using Mendix 7 All versions < V7.23.19

Mendix Applications using Mendix 8 All versions < V8.17.0

Mendix Applications using Mendix 8 (V8.12) All versions < V8.12.5

References

https://cert-portal.siemens.com/productcert/pdf/ssa-87572...

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 16, 2021
Vulnerability Reserved
Feb 18, 2021