Access Control Vulnerability in Mendix Applications Affecting Multiple Versions
CVE-2021-33718

5.3MEDIUM

Key Information:

Vendor: Siemens
Status: Mendix Applications Using Mendix 7; Mendix Applications Using Mendix 8; Mendix Applications Using Mendix 9
Vendor: CVE Published:; 13 July 2021

What is CVE-2021-33718?

An access control vulnerability in Mendix Applications allows a user to bypass write access checks for attributes in an object. If a user possesses write permission for the first attribute of an object, they can manipulate other attributes without proper authorization. This could lead to unauthorized modifications and expose sensitive data, necessitating timely updates to affected versions to mitigate risks.

Affected Version(s)

Mendix Applications using Mendix 7 All versions < V7.23.22

Mendix Applications using Mendix 8 All versions < V8.18.7

Mendix Applications using Mendix 9 All versions < V9.3.0

References

https://cert-portal.siemens.com/productcert/pdf/ssa-35252...

x_refsource_MISC

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 13, 2021
Vulnerability Reserved
May 28, 2021

Siemens

What is CVE-2021-33718?

Affected Version(s)

References

CVSS V3.1

Timeline