ICSA-21-194-16
PUBLISHED
CVSS 5.3 MEDIUM
An incorrect authorization check in Mendix applications could allow an attacker to bypass write permissions to attributes of objects under certain circumstances. Mendix has released an update for Mendix and recommends updating to the latest version.
Risk Scores
CVSS 3.1
5.3
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mendix Applications using Mendix 7 | | |
| Mendix Applications using Mendix 8 | | |
| Mendix Applications using Mendix 9 | | |
Timeline
- Jul 13, 2021 CVE Published
- May 6, 2025 CVE Updated
References
- https://cert-portal.siemens.com/productcert/csaf/ssa-352521.json advisory
- https://cert-portal.siemens.com/productcert/txt/ssa-352521.txt advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-352521.pdf advisory
- https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2021/icsa-21-194-16.json advisory
- https://www.cisa.gov/news-events/ics-advisories/icsa-21-194-16 advisory
- https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01 url
- https://www.cisa.gov/resources-tools/resources/ics-recommended-practices url
- https://www.cisa.gov/topics/industrial-control-systems url
- https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf url
- https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf url
- https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B url
- https://docs.mendix.com/releasenotes/studio-pro/7.23 fix
- https://docs.mendix.com/releasenotes/studio-pro/8.18 fix
- https://docs.mendix.com/releasenotes/studio-pro/9.3 fix