VDB
SSA-352521
SSA-352521
PUBLISHED
CVSS 5.300000190734863 MEDIUM
An incorrect authorization check in Mendix applications could allow an attacker to bypass write permissions to attributes of objects under certain circumstances. Mendix has released an update for Mendix and recommends to update to the latest version.
Risk Scores
CVSS 3.1
5.300000190734863
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mendix Applications using Mendix 7 | ||
| Mendix Applications using Mendix 9 | ||
| Mendix Applications using Mendix 8 |
Exploit Intelligence
- https://cert-portal.siemens.com/productcert/pdf/ssa-352521.pdf (circl)
- https://cert-portal.siemens.com/productcert/txt/ssa-352521.txt (circl)
- https://cert-portal.siemens.com/productcert/csaf/ssa-352521.json (circl)
- https://docs.mendix.com/releasenotes/studio-pro/7.23 (circl)
- https://docs.mendix.com/releasenotes/studio-pro/8.18 (circl)
- https://docs.mendix.com/releasenotes/studio-pro/9.3 (circl)
Timeline
- CVE Published
References
- https://cert-portal.siemens.com/productcert/pdf/ssa-352521.pdf advisory
- https://cert-portal.siemens.com/productcert/txt/ssa-352521.txt advisory
- https://cert-portal.siemens.com/productcert/csaf/ssa-352521.json advisory
- https://docs.mendix.com/releasenotes/studio-pro/7.23 fix
- https://docs.mendix.com/releasenotes/studio-pro/8.18 fix
- https://docs.mendix.com/releasenotes/studio-pro/9.3 fix