Improper Access Control in Mendix Applications by Mendix
CVE-2021-42025

6.5MEDIUM

Key Information:

Vendor: Siemens
Status: Mendix Applications Using Mendix 8; Mendix Applications Using Mendix 9
Vendor: CVE Published:; 9 November 2021

What is CVE-2021-42025?

A significant vulnerability has been identified in Mendix Applications built on versions of Mendix Studio Pro prior to V8.18.13 and V9.6.2. This issue arises from insufficient control over write access for certain client actions, allowing authenticated attackers to manipulate System.FileDocument objects. Consequently, attackers may exploit this vulnerability to alter content within these documents, even if they lack legitimate write access. The implications of this flaw highlight the need for urgent remediation in all affected Mendix applications to safeguard against unauthorized data manipulation.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Mendix Applications using Mendix 8 All versions < V8.18.13

Mendix Applications using Mendix 9 All versions < V9.6.2

References

https://cert-portal.siemens.com/productcert/pdf/ssa-77969...

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 9, 2021
Vulnerability Reserved
Oct 6, 2021

JSON

Siemens

What is CVE-2021-42025?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.