Access Control Vulnerability in Mendix Applications Affecting Multiple Versions
CVE-2021-33718
5.3 MEDIUM
Key Information:
- Vendor: Siemens
- Status
- Vendor
- CVE Published: 13 July 2021
Summary
An access control vulnerability in Mendix Applications allows a user to bypass write access checks for attributes in an object. If a user possesses write permission for the first attribute of an object, they can manipulate other attributes without proper authorization. This could lead to unauthorized modifications and expose sensitive data, necessitating timely updates to affected versions to mitigate risks.
Affected Version(s)
- Mendix Applications using Mendix 7: All versions < V7.23.22
- Mendix Applications using Mendix 8: All versions < V8.18.7
- Mendix Applications using Mendix 9: All versions < V9.3.0
References
CVSS V3.1
- Score: 5.3
- Severity: MEDIUM
- Confidentiality: None
- Integrity: High
- Availability: None
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved